Gang Behind Fireball Malware that Infected 250 Million PCs Busted by Police




Chinese authorities have recently initiated a crackdown on the operators of a massive adware campaign that infected around 250 Million computers, including Windows and Mac OS, across the world earlier this year.


The adware campaign was uncovered by security researchers at Check Point last month after it had already infected over 25 million computers in India, 24 million in Brazil, 16 million in Mexico, 13 million in Indonesia and 5.5 million in the United States.


Dubbed Fireball, the infamous adware comes bundled with other free legitimate software that you download off the Internet.


Once installed, the malware installs browser plug-ins to manipulate the victim's web browser configurations and replace their default search engines and home pages with fake search engines.


Far from serving legitimate purposes, Fireball has the ability to spy on victims' web traffic, execute malicious code on the infected computers, install plugins, and even perform efficient malware dropping, creating a massive security hole in targeted systems and networks.

At the time, Check Point researchers linked the operation to Rafotech, a Beijing-based Chinese firm which claims to offer digital marketing and game apps to 300 million customers, blaming the company for using Fireball to generate revenue by injecting ads into web browsers.


Now, the Beijing Municipal Public Security Bureau Network Security Corps has made 11 arrests in the case.
All the suspects are Rafotech employees, three of whom worked as the company's president, technical director, and operations director, a Chinese news agency reports.





Chinese outlets report that the Fireball developers made a profit of 80 Million Yuan (nearly US$12 million) from the adware campaign.


Rafotech was established in 2015 with joint funding from several people, and by the end of the year, they had developed the Fireball virus for advertising fraud. The adware redirects the victim's every query to either Yahoo.com or Google.com and includes tracking pixels that collect the victim's information.


All the arrested suspects have allegedly admitted to the development and distribution of the Fireball malware. The arrests began in June shortly after the story about Fireball went online.


No doubt, the company was using the Fireball adware to boost its advertisements and gain revenue, but at the same time, the adware has the capability to distribute additional malware, which could prove to be a potential disaster in the future.
