In this case, he said, “a user will typically search Google for a tool to convert, let’s say, a Word document into a PDF. Bad actors will in some cases buy Google ads, or manipulate the search ranking to have their malicious tool show up at the top [of the results list]. In some cases, they may reply to questions being asked on websites like Stackoverflow [to advertise] the malicious tool.”
Once the victim executes the program, said Ullrich, “the tool will run the malicious code. In some cases, the tool will just exit and appear ‘broken’ to the user. In other cases, the tool may actually perform the legitimate action as well as the malicious action.”
Additionally, said Vikki Migoya, public affairs officer for the FBI’s field office in Denver, in an email, “scammers try to mimic URLs that are legit — so changing just one letter, or ‘INC’ instead of ‘CO.’ Users who in the past would type ‘free online file converter’ into a search engine are vulnerable, as the algorithms used for results now often include paid results, which might be scams.”