let me help clear things up a little bit ;-). For our crypto nerds: I'm going to simplify things a little here, since details in crypto can be quite technical.
What you describe is indeed a Known-Plaintext attack. This attack, however, is not applicable to AES in the mode that we're using it. It is mainly of concern when AES is used in some stream-cipher mode (while we are using AES in block-chaining mode).
Just think about it: If knowing the plaintext of an encrypted file would help you to recover the encryption key, than normal file encryption would be all but impossible. Just think about files like desktop.ini on Windows, which is often created and very deterministic. Or take into consideration the fact that many files do always start with the same bytes due to their format. Or your very own example of the downloaded file.
That means that any encryption solution worth its salt will not be vulnerable to a simple Known- or Chosen-Plaintext attack. Of course this also applies to Boxcryptor.
In regards to our encryption mechanism: We explain how our encryption works in detail here: https://www.boxcryptor.com/en/technical-overview/. So you as well as any encryption expert can verify that our encryption is indeed secure.