Cybercriminals use free MP3 converters to carry out hoaxes

According to the company, users who search for these applications find a Youtube video with instructions. The video shows a screenshot inside the player with instructions to users on how to directly access another site. However, when users access the recommended web address, they are redirected to another page. This site loads a javascript with third-party content and advertisements for a gift card that must be accessed in order to download the converter.

If they proceed and request the download, the victims access more pages with javascript and data traffic. They are then asked for additional personal information such as email, address, age, gender, and telephone number. Also, they are required to agree to being contacted by third-party companies.  

Raphael Labaca, the Research Coordinator at ESET in Latin America, talks about how this type of attack can be replicated anywhere in the world, as virtual criminals create false store advertisements online in an attempt to illegally obtain information from users. He adds that: “Including in Brazil, cases of phishing have been reported, whereby users are led to type in personal information to win prizes such as flights, promotions, sports cars, as well as credit card information.”  

“This type of hoax prompts users to type in as much personal information as possible, so that it can later be used in transactions,” explains Camillo Di Jorge, country manager at ESET Brazil.

According to the company, even if users do not fall for the “free mp3 converter” story, cybercriminals who set up the hoax still profit from the situation on account of the amount of traffic, since the sites are ranked highly on search engines.