Pradeep Bairaboina@Tech Monitor
//
The Play ransomware group has been actively targeting organizations worldwide since June 2022, with the FBI reporting that approximately 900 entities have been compromised as of May 2025. These attacks span across North America, South America, and Europe, targeting a diverse range of businesses and critical infrastructure. The group employs a "double extortion" tactic, exfiltrating sensitive data before encrypting systems, putting additional pressure on victims to pay the ransom.
The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued updated advisories regarding the Play ransomware, highlighting new tactics, techniques, and procedures (TTPs) employed by the group. One notable tactic includes exploiting vulnerabilities in the SimpleHelp remote access tool. Specifically, multiple ransomware groups, including those affiliated with Play, have been actively targeting the CVE-2024-57727 path traversal vulnerability, which allows attackers to download arbitrary files from the SimpleHelp server. The advisories also note that Play operators regularly contact victims via phone, threatening to release stolen data if ransom demands are not met.
To mitigate the threat posed by Play ransomware, authorities recommend several proactive security measures, including implementing multifactor authentication, maintaining offline data backups, and developing and testing a recovery plan. It is also critical to keep all operating systems, software, and firmware updated to patch known vulnerabilities. SimpleHelp has released security updates to address the exploited vulnerabilities and strongly urges customers to apply these fixes immediately. While Play ransomware has been linked to attacks on critical infrastructure, including nine attacks impacting healthcare, experts recommend constant vigilance and proactive security strategies across all sectors.
Recommended read:
References :
- cyberinsider.com: FBI: Play Ransomware Breached 900 Organizations Worldwide
- DataBreaches.Net: CISA Alert: Updated Guidance on Play Ransomware
- The Register - Security: Play ransomware crims exploit SimpleHelp flaw in double-extortion schemes
- Tech Monitor: The FBI reports Play ransomware breached 900 firms by May 2025, up from October 2023, using recompiled malware and phone threats for ransoms.
- www.cybersecuritydive.com: The hacker group has breached hundreds of organizations and is working with others to exploit flaws in a popular remote support tool.
- CyberInsider: FBI: Play Ransomware Breached 900 Organizations Worldwide
- securityaffairs.com: Play ransomware group hit 900 organizations since 2022
- www.techradar.com: FBI warns Play ransomware hackers have hit nearly a thousand US firms
- www.cybersecuritydive.com: Understanding the evolving malware and ransomware threat landscape
Pierluigi Paganini@Security Affairs
//
The FBI has issued a warning to U.S. law firms regarding an escalating cyber threat posed by the Silent Ransom Group (SRG), also known as Luna Moth or Chatty Spider. This group, active since 2022, has refined its tactics to target law firms specifically since early 2023, likely due to the valuable and confidential client data they possess. The group aims to gain unauthorized access to systems and devices in order to steal sensitive information and extort victims with threats of public data leaks.
SRG's methods include IT-themed social engineering calls and callback phishing emails. In these attacks, they impersonate IT personnel to deceive employees into granting remote access to systems. They may direct the employee to a malicious website or send a link via email that installs remote access software. Once inside, the attackers discreetly extract sensitive files using tools like WinSCP or disguised versions of Rclone. This campaign is particularly dangerous because it leaves minimal digital traces and can bypass traditional security measures.
To defend against these attacks, the FBI urges law firms to enhance staff training to recognize and avoid social engineering tactics. Implementing multi-factor authentication is crucial, as is proactive monitoring for unauthorized access attempts. The agency also advises that victims share any ransom evidence with law enforcement to aid in investigations. Furthermore, CISOs are encouraged to fortify help desk and employee defenses, enhance intrusion detection and tracking capabilities, and recognize that paying ransoms is not a viable strategy.
Recommended read:
References :
- DataBreaches.Net: DataBreaches.net issues a Private Industry Notification about the Silent Ransom Group targeting law firms.
- securityaffairs.com: SecurityAffairs reports on Silent Ransom Group targeting law firms, the FBI warns.
- The DefendOps Diaries: The DefendOps Diaries explores the Silent Ransom Group's new era of cyber extortion.
- bsky.app: The FBI warned that an extortion gang known as the Silent Ransom Group has been targeting U.S. law firms over the last two years in callback phishing and social engineering attacks.
- BleepingComputer: FBI warns of Luna Moth extortion attacks targeting law firms
- ciso2ciso.com: Silent Ransom Group targeting law firms, the FBI warns – Source: securityaffairs.com
- hackread.com: FBI Warns of Silent Ransom Group Targeting Law Firms via Scam Calls
- databreaches.net: Private Industry Notification: Silent Ransom Group Targeting Law Firms
- Security Affairs: The FBI warns that the Silent Ransom Group, active since 2022 and also known as Luna Moth, has targeted U.S. law firms using phishing and social engineering. Linked to BazarCall campaigns, the group previously […]
- ciso2ciso.com: FBI Warns of Silent Ransom Group Targeting Law Firms via Scam Calls – Source:hackread.com
- malware.news: Private Industry Notification: Silent Ransom Group Targeting Law Firms
- ciso2ciso.com: FBI warns law firms: Silent Ransom Group uses phishing emails and fake IT calls to steal data, demanding ransom to prevent public leaks.
- gbhackers.com: FBI Issues on Silent Ransom Group Using Fake IT Support Calls to Target Victims
- malware.news: FBI Issues on Silent Ransom Group Using Fake IT Support Calls to Target Victims
- The Hacker News: The campaign leverages "information technology (IT) themed social engineering calls, and callback phishing emails, to gain remote access to systems or devices and steal sensitive data to extort the victims
- gbhackers.com: The Federal Bureau of Investigation (FBI) has issued a critical alert regarding the escalating activities of the cyber threat actor known as Silent Ransom Group (SRG), also identified under aliases such as Luna Moth, Chatty Spider, and UNC3753.
- Tech Monitor: The FBI alerts law firms to rising threat of Silent Ransom Group’s extortion tactics
- thecyberexpress.com: FBI Warns about Silent Ransom Group Targeting Law Firms
- eSecurity Planet: The FBI warns law firms of a stealth phishing scam where hackers call victims, pose as IT staff, and use remote access tools to steal sensitive data.
- www.scworld.com: US law firms facing Luna Moth ransomware threat
- cyble.com: FBI Warns Silent Ransom Group Targeting U.S. Law Firms Using Social Engineering and Callback Phishing
- www.esecurityplanet.com: FBI Warns Law Firms: Hackers Are Calling Offices in Stealth Phishing Scam
- cyble.com: FBI Warns Silent Ransom Group Targeting U.S. Law Firms Using Social Engineering and Callback Phishing
- www.techradar.com: FBI warns legal firms of Luna Moth extortion attacks where hackers will call their office
Nicole Kobie@itpro.com
//
The FBI has issued a warning regarding a major fraud campaign where cybercriminals are using AI-generated audio deepfakes and text messages to impersonate senior U.S. government officials. This scheme, which has been active since April 2025, targets current and former federal and state officials, along with their contacts, aiming to gain access to their personal accounts. The attackers are employing tactics known as smishing (SMS phishing) and vishing (voice phishing) to establish rapport before attempting to compromise accounts, potentially leading to the theft of sensitive information or funds.
The FBI advises that if individuals receive a message claiming to be from a senior U.S. official, they should not assume it is authentic. The agency suggests verifying the communication through official channels, such as calling back using the official number of the relevant department, rather than the number provided in the suspicious message. Additionally, recipients should be wary of unusual verbal tics or word choices that could indicate a deepfake in operation.
This warning comes amidst a surge in social engineering attacks leveraging AI-based voice cloning. A recent report indicated a 442% increase in the use of AI voice cloning between the first and second halves of 2024. Experts caution that the stolen credentials or information obtained through these schemes could be used to further impersonate officials, spread disinformation, or commit financial fraud, highlighting the increasing sophistication and potential damage of AI-enhanced fraud.
Recommended read:
References :
- Threats | CyberScoop: FBI warns of fake texts, deepfake calls impersonating senior U.S. officials
- Talkback Resources: Deepfake voices of senior US officials used in scams: FBI [social]
- thecyberexpress.com: The Federal Bureau of Investigation (FBI) has released a public service announcement to warn individuals about a growing involving text and voice messaging scams. Since April 2025, malicious actors have been impersonating senior U.S. government officials to target individuals, especially current or former senior federal and state officials, as well as their contacts. The FBI is urging the public to remain vigilant and take steps to protect themselves from these schemes. So let's understand what exactly is happening? The FBI has disclosed a coordinated campaign involving smishing and vishing—two cyber techniques used to deceive people into revealing sensitive information or giving unauthorized access to their personal accounts.
- www.itpro.com: The FBI says hackers are using AI voice clones to impersonate US government officials
- The Register - Software: The FBI has warned that fraudsters are impersonating "senior US officials" using deepfakes as part of a major fraud campaign.
- www.cybersecuritydive.com: Hackers are increasingly using vishing and smishing for state-backed espionage campaigns and major ransomware attacks.
- Tech Monitor: FBI warns of AI-generated audio deepfakes targeting US officials
- cyberinsider.com: Senior U.S. Officials Impersonated in AI-Powered Vishing Campaign
- cyberscoop.com: FBI warns of fake texts, deepfake calls impersonating senior U.S. officials
- thecyberexpress.com: The Federal Bureau of Investigation (FBI) has released a public service announcement to warn individuals about a growing involving text and voice messaging scams. Since April 2025, malicious actors have been impersonating senior U.S. government officials to target individuals, especially current or former senior federal and state officials, as well as their contacts.
- BleepingComputer: FBI: US officials targeted in voice deepfake attacks since April
- securityaffairs.com: US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials
- www.techradar.com: The FBI is warning about ongoing smishing and vishing attacks impersonating senior US officials.
- hackread.com: FBI warns of AI Voice Scams Impersonating US Govt Officials
- Security Affairs: US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials Shields up US
- iHLS: The FBI has flagged a concerning wave of cyber activity involving AI-generated content used to impersonate high-ranking U.S. government officials.
Nicole Kobie@itpro.com
//
The FBI has issued a warning about a rise in scams targeting U.S. government officials. Cybercriminals are using AI-generated voice clones and text messages to impersonate senior officials. This campaign, which started in April 2025, aims to trick current and former federal and state officials, as well as their contacts, into divulging sensitive information or granting unauthorized access to accounts. These tactics are referred to as "smishing" (malicious SMS messages) and "vishing" (fraudulent voice calls). The FBI is advising the public that if you receive a message claiming to be from a senior U.S. official, do not assume it is authentic.
The attackers use AI to create realistic voice deepfakes, making it difficult to distinguish between real and fake messages. They also leverage publicly available data to make their messages more convincing, exploiting human trust to infiltrate broader networks. The FBI has found that one method attackers use to gain access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform. The use of AI-generated audio has increased sharply, as large language models have proliferated and improved their abilities to create lifelike audio.
Once an account is compromised, it can be used in future attacks to target other government officials, their associates, and contacts by using trusted contact information they obtain. Stolen contact information acquired through social engineering schemes could also be used to impersonate contacts to elicit information or funds. The FBI advises that the scammers are using software to generate phone numbers that are not attributed to specific phones, making them more difficult to trace. Individuals should be vigilant and follow standard security advice, such as not trusting unsolicited messages and verifying requests through official channels.
Recommended read:
References :
- Threats | CyberScoop: Texts or deepfaked audio messages impersonate high-level government officials and were sent to current or former senior federal or state government officials and their contacts, the bureau says.
- Talkback Resources: FBI warns of deepfake technology being used in a major fraud campaign targeting government officials, advising recipients to verify authenticity through official channels.
- www.techradar.com: The FBI is warning about ongoing smishing and vishing attacks impersonating senior US officials.
- securityaffairs.com: US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials
- thecyberexpress.com: TheCyberExpress reports FBI Warns of AI Voice Scam
- www.itpro.com: The FBI says hackers are using AI voice clones to impersonate US government officials
- BleepingComputer: FBI: US officials targeted in voice deepfake attacks since April
- The Register - Software: Scammers are deepfaking voices of senior US government officials, warns FBI
- cyberinsider.com: Senior U.S. Officials Impersonated in AI-Powered Vishing Campaign
- Tech Monitor: FBI warns of AI-generated audio deepfakes targeting US officials
- The DefendOps Diaries: The Rising Threat of Voice Deepfake Attacks: Understanding and Mitigating the Risks
- PCWorld: Fake AI voice scammers are now impersonating government officials
- hackread.com: FBI Warns of AI Voice Scams Impersonating US Govt Officials
- iHLS: The FBI has flagged a concerning wave of cyber activity involving AI-generated content used to impersonate high-ranking U.S. government officials.
- cyberscoop.com: Texts or deepfaked audio messages impersonate high-level government officials and were sent to current or former senior federal or state government officials and their contacts, the bureau says.
- arstechnica.com: FBI warns of ongoing that uses audio to government officials
- Popular Science: That weird call or text from a senator is probably an AI scam
Ashish Khaitan@The Cyber Express
//
The FBI has issued a warning regarding the increasing exploitation of end-of-life (EoL) routers by cybercriminals. These outdated devices, which no longer receive security updates from manufacturers, are being targeted with malware, most notably variants of TheMoon, to establish proxy networks. This allows malicious actors to mask their online activities and conduct illicit operations with anonymity. The FBI emphasizes that routers from 2010 or earlier are particularly vulnerable due to the absence of recent software updates, making them susceptible to known exploits.
The compromised routers are then incorporated into botnets and used as proxies, sold on networks like 5Socks and Anyproxy. This enables cybercriminals to route malicious traffic through these unsuspecting devices, obscuring their real IP addresses and making it difficult to trace their criminal activities. TheMoon malware exploits open ports on vulnerable routers, bypassing the need for passwords, and then connects to a command-and-control (C2) server for instructions. This process allows the malware to spread rapidly, infecting more routers and expanding the proxy network.
To mitigate this growing threat, the FBI advises users to replace EoL routers with actively supported models and apply all available firmware and security updates. Disabling remote administration and using strong, unique passwords are also crucial steps in securing network devices. Additionally, regularly rebooting routers can help flush out temporary malware behavior. The FBI's warning underscores the importance of maintaining up-to-date security measures on network hardware to prevent exploitation by cybercriminals seeking to anonymize their activities.
Recommended read:
References :
- Daily CyberSecurity: FBI Warns: End-of-Life Routers Hijacked to Power Cybercriminal Proxy Networks
- The DefendOps Diaries: Exploitation of End-of-Life Routers: A Growing Cybersecurity Threat
- BleepingComputer: FBI: End-of-life routers hacked for cybercrime proxy networks
- Davey Winder: FBI Warns Of Router Attacks — Is Yours On The List Of 13?
- www.scworld.com: Attacks surge against antiquated routers, FBI warns
- bsky.app: The FBI IC3 has published a new PSA warning companies and home consumers that threat actors are exploiting old and outdated end-of-life routers to create massive botnets and that they should probably buy a new device
- BleepingComputer: The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks.
- cyberinsider.com: FBI Warns Hackers Are Exploiting EoL Routers in Stealthy Malware Attacks
- www.bleepingcomputer.com: The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks.
- bsky.app: The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxiesÂ
sold on the 5Socks and Anyproxy networks.
- thecyberexpress.com: The Federal Bureau of Investigation (FBI) has issued a warning about the TheMoon malware. The warning also stresses the dramatic uptick in cyberattacks targeting aging internet routers, especially those deemed “End of Life†(EOL).
- thecyberexpress.com: TheMoon Malware Targets Aging Routers, FBI Issues Alert
- The Hacker News: BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation
- securityonline.info: FBI Warns: End-of-Life Routers Hijacked to Power Cybercriminal Proxy Networks
- securityaffairs.com: The FBI warns that attackers are using end-of-life routers to deploy malware and turn them into proxies sold on 5Socks and Anyproxy networks.
- www.techradar.com: FBI warns outdated routers are being hacked
- thecyberexpress.com: The Federal Bureau of Investigation (FBI) has issued a warning about the TheMoon malware.
- BleepingComputer: Police dismantles botnet selling hacked routers as residential proxies
- thecyberexpress.com: Law Enforcement Takes Down Botnet Made Up of Thousands of End-Of-Life Routers
- techcrunch.com: NEW: FBI and Dutch police seized and shut down a botnet made of hacked routers. U.S. authorities also indicted three Russians and a Kazakhstan national for hacking the devices, running the botnet, and selling access to it as a service.
- infosec.exchange: NEW: FBI and Dutch police seized and shut down a botnet made of hacked routers. U.S. authorities also indicted three Russians and a Kazakhstan national for hacking the devices, running the botnet, and selling access to it as a service.
- techcrunch.com: NEW: FBI and Dutch police seized and shut down a botnet made of hacked routers. U.S. authorities also indicted three Russians and a Kazakhstan national for hacking the devices, running the botnet, and selling access to it as a service.
- www.justice.gov: A joint U.S.-Dutch law enforcement operation has taken down a botnet-for-hire that was comprised of thousands of end-of-life routers. The U.S. Department of Justice (DOJ) announced the unsealing of an indictment charging four foreign nationals with conspiracy and other alleged computer crimes for operating the botnets.
- www.csoonline.com: The FBI is warning that cybercriminals are exploiting that are no longer being patched by manufacturers. Specifically, the “5Socks†and “Anyproxy†criminal networks are using publicly available exploits and injecting persistent malware to gain entry to obsolete routers from Linksys, and Cradlepoint.
- The Register - Security: The FBI also issued a list of end-of-life routers you need to replace Earlier this week, the FBI urged folks to bin aging routers vulnerable to hijacking, citing ongoing attacks linked to TheMoon malware. In a related move, the US Department of Justice unsealed indictments against four foreign nationals accused of running a long-running proxy-for-hire network that exploited outdated routers to funnel criminal traffic.…
- iHLS: FBI Warns: Old Routers Exploited in Cybercrime Proxy Networks
- Peter Murray: FBI and Dutch police seize and shut down botnet of hacked routers
- The DefendOps Diaries: Explore the dismantling of the Anyproxy botnet and the global efforts to secure digital infrastructure against cybercrime.
- securityaffairs.com: Operation Moonlander dismantled the botnet behind Anyproxy and 5socks cybercriminals services
- Anonymous ???????? :af:: BREAKING: $46M cybercrime empire busted. FBI & Dutch forces take down a botnet run on hacked home routers—active since 2004.
- www.itpro.com: FBI takes down botnet exploiting aging routers
- Threats | CyberScoop: US seizes Anyproxy, 5socks botnets and indicts alleged administrators
Bill Toulas@BleepingComputer
//
The FBI has released a comprehensive list of 42,000 phishing domains linked to the LabHost cybercrime platform. LabHost, a major phishing-as-a-service (PhaaS) platform, was dismantled in April 2024. The extensive list is designed to aid cybersecurity professionals and organizations in strengthening their defenses against phishing attacks. The domains were registered between November 2021 and April 2024, providing a historical record for threat detection.
This release offers a unique opportunity to bolster cybersecurity defenses and enhance threat detection strategies. By integrating these domains into existing security frameworks, organizations can proactively thwart potential threats. Retrospective analysis of logs from November 2021 to April 2024 can uncover previously undetected breaches, allowing organizations to address vulnerabilities. The list serves as a valuable resource for training phishing detection models, improving their accuracy and effectiveness.
The release of the 42,000 domains allows for the creation of comprehensive blocklists to mitigate the risk of threat actors reusing or re-registering these domains. Cybersecurity experts can analyze domain patterns to gain insights into the operations of PhaaS platforms like LabHost. This correlation of intelligence can aid in understanding the tactics, techniques, and procedures (TTPs) employed by cybercriminals, thereby enhancing the ability to predict and counter future threats.
Recommended read:
References :
- bsky.app: The FBI released a list of 42,000 phishing domains linked to the LabHost phishing-as-a-service (PhaaS) platform
- BleepingComputer: The FBI released a list of 42,000 phishing domains linked to the LabHost phishing-as-a-service (PhaaS) platform that was dismantled in April 2024.
- The DefendOps Diaries: FBI shares massive list of 42,000 LabHost phishing domains, boosting cybersecurity defenses and enhancing threat detection strategies.
- bsky.app: The FBI has shared 42,000 phishing domains tied to the LabHost cybercrime platform, one of the largest global phishing-as-a-service (PhaaS) platforms that was dismantled in April 2024.
- malware.news: Thousands of LabHost PhaaS domains exposed by FBI
- securityaffairs.com: FBI shared a list of phishing domains associated with the LabHost PhaaS platform
- Talkback Resources: FBI shared a list of phishing domains associated with the LabHost PhaaS platform [net] [social]
- www.sentinelone.com: FBI shares 42,000 domains linked to seized PhaaS
@www.ic3.gov
//
The FBI has issued a public appeal for information regarding a widespread cyber campaign targeting US telecommunications infrastructure. The activity, attributed to a hacking group affiliated with the People's Republic of China and tracked as 'Salt Typhoon,' has resulted in the compromise of multiple U.S. telecommunications companies and others worldwide. The breaches, which have been ongoing for at least two years, have led to the theft of call data logs, a limited number of private communications, and the copying of select information subject to court-ordered U.S. law enforcement requests. The FBI is seeking information about the individuals who comprise Salt Typhoon and any details related to their malicious cyber activity.
The FBI, through its Internet Crime Complaint Center (IC3), is urging anyone with information about Salt Typhoon to come forward. The agency's investigation has uncovered a broad and sophisticated cyber operation that exploited access to telecommunications networks to target victims on a global scale. In October, the FBI and CISA confirmed that Chinese state hackers had breached multiple telecom providers, including major companies like AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream, as well as dozens of other telecom companies in numerous countries.
In an effort to incentivize informants, the U.S. Department of State’s Rewards for Justice (RFJ) program is offering a reward of up to US$10 million for information about foreign government-linked individuals participating in malicious cyber activities against US critical infrastructure. The FBI is accepting tips via TOR in a likely attempt to attract potential informants based in China. The agency has also released public statements and guidance on Salt Typhoon activity in collaboration with U.S. government partners, including the publication of 'Enhanced Visibility and Hardening Guidance for Communications Infrastructure.' Salt Typhoon is also known by other names such as RedMike, Ghost Emperor, FamousSparrow, Earth Estries, and UNC2286.
Recommended read:
References :
- bsky.app: The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide.
- thecyberexpress.com: The FBI has issued a public appeal for information concerning an ongoing cyber campaign targeting US telecommunications infrastructure, attributed to actors affiliated with the People’s Republic of China (PRC).
- www.bleepingcomputer.com: FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches
- BleepingComputer: The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide.
- The DefendOps Diaries: Explore Salt Typhoon's cyber threats to telecom networks and the advanced tactics used by this state-sponsored group.
- malware.news: The FBI is seeking information from the public about the Chinese Salt Typhoon hacking campaign that, last year, was found to have breached major telecommunications providers and their wiretap request systems over a two-year period.
- Industrial Cyber: The Federal Bureau of Investigation (FBI) is requesting public assistance in reporting information related to the People’s Republic...
- industrialcyber.co: FBI issues IC3 alert on ‘Salt Typhoon’ activity, seeks public help in investigating PRC-linked cyber campaign
- Policy ? Ars Technica: FBI offers $10 million for information about Salt Typhoon members
- www.cybersecuritydive.com: FBI seeks public tips about Salt Typhoon
- www.scworld.com: US intensifies Salt Typhoon crackdown with public info request
@cyberalerts.io
//
The FBI has issued a warning about the rising trend of cybercriminals using fake file converter tools to distribute malware. These tools, often advertised as free online document converters, are designed to trick users into downloading malicious software onto their computers. While these tools may perform the advertised file conversion, they also secretly install malware that can lead to identity theft, ransomware attacks, and the compromise of sensitive data.
The threat actors exploit various file converter or downloader tools, enticing users with promises of converting files from one format to another, such as .doc to .pdf, or combining multiple files. The malicious code, disguised as a file conversion utility, can scrape uploaded files for personal identifying information, including social security numbers, banking information, and cryptocurrency wallet addresses. The FBI advises users to be cautious of such tools and report any instances of this scam to protect their assets.
The FBI Denver Field Office is warning that they are increasingly seeing scams involving free online document converter tools and encourages victims to report any instances of this scam. Malwarebytes has identified some of these suspect file converters, which include Imageconvertors.com, convertitoremp3.it, convertisseurs-pdf.com and convertscloud.com. The agency emphasized the importance of educating individuals about these threats to prevent them from falling victim to these scams.
Recommended read:
References :
- Talkback Resources: FBI warns of malware-laden websites posing as free file converters, leading to ransomware attacks and data theft.
- gbhackers.com: Beware! Malware Hidden in Free Word-to-PDF Converters
- www.bitdefender.com: Free file converter malware scam “rampant� claims FBI
- Malwarebytes: Warning over free online file converters that actually install malware
- bsky.app: Free file converter malware scam "rampant" claims FBI.
- bsky.app: @bushidotoken.net has dug up some IOCs for the FBI's recent warning about online file format converters being used to distribute malware
- Help Net Security: FBI: Free file converter sites and tools deliver malware
- www.techradar.com: Free online file converters could infect your PC with malware, FBI warns
- bsky.app: Free file converter malware scam "rampant" claims FBI.
- Security | TechRepublic: Scam Alert: FBI ‘Increasingly Seeing’ Malware Distributed In Document Converters
- securityaffairs.com: The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users’ sensitive information and infect their systems with malware.
- The DefendOps Diaries: FBI warns against fake file converters spreading malware and stealing data. Learn how to protect yourself from these cyber threats.
- PCMag UK security: PSA: Be Careful Around Free File Converters, They Might Contain Malware
- www.bleepingcomputer.com: FBI warnings are true—fake file converters do push malware
- www.techradar.com: FBI warns some web-based file management services are not as well-intentioned as they seem.
- www.csoonline.com: Improvements Microsoft has made to Office document security that disable macros and other embedded malware by default has forced criminals to up their innovation game, a security expert said Monday.
- www.itpro.com: Fake file converter tools are on the rise – here’s what you need to know
- Cyber Security News: The FBI Denver Field Office has warned sternly about the rising threat of malicious online file converter tools. These seemingly harmless services, often advertised as free tools to convert or merge files, are being weaponized by cybercriminals to install malware on users’ computers. This malware can have devastating consequences, including ransomware attacks and identity theft. […]
|
|
FlagThis - #fbi