By Daily Mail (U.S.) | Created at 2025-03-28 17:26:31 | Updated at 2025-03-31 12:39:19
2 days ago
The FBI has warned all Google Chrome users about a threat of a fake URL that lets hackers steal victims' personal information.
The agency said hackers are creating websites claiming to convert one type of file to another, such as a .doc file to a .pdf file, which have been compromised with malicious code.
After the program is downloaded, cybercriminals gain access to stored information like social security numbers, passwords and bank information, the FBI warned Chromes three billion users.
Vikki Migoya, public affairs specialist for FBI Denver, said: 'Unfortunately, many victims don't realize they have been infected by malware until it's too late, and their computer is infected with ransomware or their identity has been stolen.'
The agency advised Chrome users not to download file converters from unknown websites.
If you are a victim of this scam, the FBI said to 'contact your financial institutions immediately.'
'Run up-to-date virus scan software to check for potentially malicious software installed by the scammers, the agency added.
'Consider taking your computer to a professional company specializing in virus and malware removal services.'
The FBI has warned all Google Chrome users about a threat of a fake URL that lets hackers steal victims' personal information. The agency said hackers are creating websites claiming to convert one type of file to another, such as a .doc file to a .pdf file, which have been compromised with malicious code
The warning noted that MP3 or MP4 downloading tools are also being used in the scam.
'The scammers try to mimic URLs that are legit – so changing just one letter, or 'INC' instead of 'CO',' Migoya told BleepingComputer.
'Users who in the past would type 'free online file converter' into a search engine are vulnerable, as the algorithms used for results now often include paid results, which might be scams.'
The FBI said victims of the scam should file a report at IC3.gov.
The agency suggested that a malicious file converter was behind a ransomware attack of Iowa-based media company Lee Enterprises, CBS New reported.
Lee Enterprises operates in more than 70 towns throughout the country and was hit by the scam in February.
The company filed a report with the US Securities and Exchange Commission (SEC) on February 12, writing that 'Lee Enterprises experienced a systems outage caused by a cybersecurity attack.'
'Preliminary investigations indicate that threat actors unlawfully accessed the Company's network, encrypted critical applications, and exfiltrated certain files,' the report reads.
'The Company is actively conducting forensic analysis to determine whether sensitive data or personally identifiable information (PII) was compromised.
'At this time, no conclusive evidence has been identified, but the investigation remains ongoing.'
The cybersecurity team at GitLab Threat Intelligence issued another warning about Google Chrome this year after uncovering about 16 browser extensions that have been compromised by hackers.
The list includes Blipshot, Emojis, Color Changer for YouTube, Video Effects for YouTube and Audio Enhancer, Themes for Chrome and YouTube Picture in Picture and Mike Adblock für Chrome, Super Dark Mode and Emoji Keyboard Emojis for Chrome.
Adblocker for Chrome, Adblock for You, Adblock for Chrome, Nimble Capture, KProxy and Page Refresh, Wistia Video Downloader are also deemed compromised.
The malicious links allow hackers to steal user data and commit 'search engine fraud' - the scam of driving clicks to hacker-controlled websites for ad revenue.
Researchers noted that Chrome has deleted the extensions from its Web Store.
But users who have downloaded them will need to remove them manually.
All of the hacked Chrome extensions used permissions which allow them to interact with any website the victims visit.
This allowed them to inject those websites with malicious code as well. Simply put, the Chrome add-ons traveled along with the Google users, potentially spreading the hacker's code everywhere they browsed the web.
The best way to avoid a hijacked browser extension is to vet the programs you're installing on your computer and read any reviews which warn about potential dangers.
This includes checking what 'permissions' an extension is asking for, meaning which files or devices is the program looking to access with the user's blessing.
