Malware, Threat Intelligence
Infostealer deployed via bogus PDFCandy converter

Hackread reports that widely used online file conversion tool PDFCandy.com has been spoofed to spread the ArechClient2 information-stealing malware.
Highly convincing pdfcandy.com copies with similar domains promoted through Google ads immediately ask visitors to upload a PDF file and display a bogus loading animation before triggering CAPTCHA verification and executing a command that would compromise targeted systems, according to a CloudSEK blog post. Analysis of the command revealed that it redirected to a ZIP file containing a folder with an executable that eventually led to the distribution of the ArechClient2 infostealer.

Such findings come after a recent FBI advisory warning about the increased usage of fraudulent online file converters in malware attacks. "Cybercriminals across the globe are using any type of free document converter or downloader tool. This might be a website claiming to convert one type of file to another, such as a .doc file to a .pdf file," said the FBI, which urged increased vigilance regarding the legitimacy of online file conversion services.