A phishing site posing as the Convertio file converter has become a vector for spreading the Redline Stealer. According to researchers, the Redline Stealer campaign used the fake file converter website to target users who rely on online conversion tools for a variety of purposes.
The Convertio website is an easy-to-use online tool that converts files into formats such as documents, images, archives, eBooks, spreadsheets, video, and audio. When a user lands on the phishing page, the site prompts them to select an input file.
Once the user has chosen a file for conversion, they select a target file type; when they click the convert button, the site redirects them to a download page.
However, clicking the download button on the phishing site delivers a zip archive that spreads several malicious payloads on the user’s system. Instead of a file in the requested format, the archive contains a shortcut file.
The shortcut file downloads two BAT files, 2[.]bat and 3[.]bat. When the victim runs them, these BAT files add the file extensions “bat” and “exe”; they also download an executable file that contains a PDF payload.
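The delivery trick above (a shortcut standing in for the converted file) can be checked for on the receiving side. The following is an added example, not code from the report or from any vendor: a Python routine that inspects a zip returned by an online converter and flags shortcut, script or executable entries, double extensions, and the absence of the requested format. The file names and bytes are constructed samples.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Entry types that should never appear in a "converted file" download.
# Covers the chain described above: a .lnk in place of the output, plus .bat/.exe stages.
SUSPICIOUS_EXTENSIONS = {".lnk", ".bat", ".cmd", ".exe", ".scr", ".vbs", ".js", ".hta", ".ps1"}


def inspect_converter_download(zip_bytes: bytes, expected_ext: str) -> dict:
    """Compare a converter's zip against the format the user asked for.

    Returns {'verdict': 'ok' | 'suspicious', 'reasons': [...]}.
    """
    expected_ext = expected_ext.lower()
    if not expected_ext.startswith("."):
        expected_ext = "." + expected_ext
    reasons = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return {"verdict": "suspicious", "reasons": ["not a valid zip archive"]}
    members = [m for m in archive.infolist() if not m.is_dir()]
    if not members:
        reasons.append("archive contains no files")
    has_expected = False
    for m in members:
        suffixes = [s.lower() for s in PurePosixPath(m.filename).suffixes]
        last = suffixes[-1] if suffixes else ""
        if last in SUSPICIOUS_EXTENSIONS:
            reasons.append(f"executable/shortcut entry: {m.filename}")
        # e.g. invoice.pdf.lnk: the expected extension is buried before the real one
        if len(suffixes) >= 2 and expected_ext in suffixes[:-1]:
            reasons.append(f"double extension hides expected type: {m.filename}")
        if last == expected_ext:
            has_expected = True
    if not has_expected:
        reasons.append(f"no {expected_ext} file in archive")
    return {"verdict": "suspicious" if reasons else "ok", "reasons": reasons}


def build_sample_zip(entries: dict) -> bytes:
    """Constructed sample helper: build an in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample mimicking the campaign: a shortcut instead of the requested PDF.
    print(inspect_converter_download(build_sample_zip({"invoice.pdf.lnk": b"L\x00"}), "pdf"))
    print(inspect_converter_download(build_sample_zip({"invoice.pdf": b"%PDF-1.4\n"}), "pdf"))
```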
The payload in the file converter phishing site is the Redline Stealer.
According to the analysts, the payload delivered by the file converter phishing site behaves identically to the previously observed Redline Stealer campaign.
Beyond this, the payload also targets crypto wallets, browsers, and apps such as Steam, Discord, Telegram, FileZilla, and VPN clients. It also collects information about the compromised system, such as AV products, installed programs, languages, operating system, running processes, and hardware.
Once gathered, the stolen data is sent to the threat actors’ remote server.
Cybersecurity experts explained that applications and tools many people use daily tend to attract attackers. Users who regularly rely on online tools such as converters should therefore watch how those sites behave and make sure they are using a legitimate, safe website.