Wednesday, January 15, 2025
HomeMalwareBeware: Chinese Malware Fireball Infects More than 250 Million Computers around the...

Beware: Chinese Malware Fireball Infects More than 250 Million Computers around the Globe

Published on

Chinese threat operation which has infected more than 250 million PCs around the world. The advanced malware, Fireball, takes control target browsers and transforms them into zombies.

Security specialists from Check Point Threat Intelligence and research team recently discovered this high volume attack.

It has two important Functions:

  • An ability to run any code on victim computers.
  • Downloading any file or malware, and hijacking and manipulating infected users’ web traffic to generate ad revenue.

This operation is controlled by Rafotech, a big digital marketing company situated in Beijing and their principle inspiration is to Boost income with Advertisements.

Distribution

Fireball has a high Volume distribution which infected more than 250 million PCs around the world, and 20% of corporate systems.

Top Infected Countries

  • 25.3 million infections in India (10.1%).
  • 24.1 million in Brazil (9.6%).
  • 16.1 million in Mexico (6.4%).
  • 13.1 million in Indonesia (5.2%).
  • 5.5 million United States (2.2%).
Likewise, with different sorts of malware, there are numerous paths for Fireball to spread.This Adware distributed bundling via other freeware distributors.

Checkpoint suspects Deal Wifi and Mustang Browser as the Most prominent vectors, Moreover, it is likely that Rafotech is utilizing extra delivery techniques, for example, spreading freeware under fake names, spam, or even buying installs from threat actors.

The full distribution of Fireball is not yet known, but rather obviously it shows an outstanding danger to the worldwide digital global cyber community.

Execution flow

Fireball acts as a browser hijacker, in any case, it can be transformed into a full-working malware downloader. It controls user’s browsers and diverts them to fake web search engines.These fake search Engines have tracking pixel which gather’s users sensitive information.

Chinese Malware Fireball Infects More than 250 Million Computers
Execution Flow      Source: Checkpoint

It also has the ability to spy on victims, perform effective malware dropping, and execute any noxious code in the tainted machines, which can bring about a massive information breach.

Am I Infected

To check whether you are tainted open your browser and see that your Search Engine and default landing page are changed.

Also, cross with the number of browser add-ons you have installed, If there are no Changes then you are not infected with the adware.

If Infected How to remove

  • Windows users can simply uninstall the malware from their Control Panel.
    Control Panel ----> uninstall or Change program
  • Macintosh users are asked for to find and move applications to Trash and after that Trash should be cleared.

How to Stay Safe

You should be very cautious when installing new applications.

  • Always go for Custom installation.
  • Check for application Integrity.
  • Consider reading the privacy policy, don’t scroll out.

Also Read

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Aembit Announces Speaker Lineup for the Inaugural NHIcon

Aembit, the non-human identity and access management (IAM) company, unveiled the full agenda for...

Sweet Security Introduces Patent-Pending LLM-Powered Detection Engine, Reducing Cloud Detection Noise to 0.04%

Sweet Security, a leader in cloud runtime detection and response, today announced the launch...

ShadowSyndicate Hackers Added RansomHub Ransomware to their Arsenal

ShadowSyndicate is a prolific threat actor that has been active since July 2022, collaborated...

5,000 WordPress Sites Hacked in New WP3.XYZ Malware Attack

Widespread malware campaigns detected by side crawlers exploit vulnerabilities on multiple websites where the...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

RedCurl APT Deploys Malware via Windows Scheduled Tasks Exploitation

Researchers identified RedCurl APT group activity in Canada in late 2024, where the attackers...

Credit Card Skimmer Hits WordPress Checkout Pages, Stealing Payment Data

Researchers analyzed a new stealthy credit card skimmer that targets WordPress checkout pages by...

Hackers Exploiting YouTube to Spread Malware That Steals Browser Data

Malware actors leverage popular platforms like YouTube and social media to distribute fake installers....