Surely this situation is familiar: You have a PDF file and you need to turn it into .doc To edit it in Word. An option would be to pay the Premium version of Adobe Acrobat, which allows you to do it, but most likely we seek to “convert PDF to Word” into Google, we access an online tool and upload the PDF without the slightest prevention. Well, this action, so innocent in appearance, can end up regular, as they have warned from the FBI.
What happened. The FBI office in Denver has issued an official statement in which they claim that their agents “are increasingly detecting Related scams With free online document conversion tools. “The modus operandi is relatively simple:” criminals use free tools for online document conversion to load malware in victims computers, giving rise to incidents such as ransomware. “
How do they. From the agency they explain that cyberdelicuents are using free conversion or unloading tools. Although they do not give concrete names, they do notice that the attack vector can be a website that promises to convert a PDF to Word or Combine several images in PDFor a tool to download videos and/or convert MP4 into MP3. It is easy to imagine examples of these tools.
They work, but they go with a bug. These tools can work and comply with what is promised, but nothing guarantees that the returned file is not infected. PDFs can contain malwaresuch as a JavaScript code that exploits vulnerability or sets a process through commands on our PC. An MP3 can also be infected, although not infecting itself, but exploiting vulnerability in a player, for example. That is, the options are varied.
In an online file converter you have to take into account which files returns us and what we do with those we have uploaded
Who is looking at. Beyond returning an infected file, these tools can obtain valuable information from us another way: seeing the files we have uploaded. If we have uploaded a PDF with our mail and telephone number (we think of a CV), it is possible that whoever is behind the malicious website uses this information for little lawful purposes. Let’s not talk about bank information, passwords, photos in which we leave, etc.
The importance of going with an eye. It should be noted that not all online tools are malicious, much less. That a website has a privacy policy where they clearly explain what they do with your files, contact information and that is known is already a good indicative. When in doubt, it is always a good idea to pass the files generated by a platform as Virustotal.
Cover image | NaO Triponez and Markus Spiske edited by Xataka
In Xataka | If you use cable headphones, you are vulnerable: they are a caramel for hackers
GIPHY App Key not set. Please check settings