Chinese threat operation which has infected more than 250 million PCs around the world. The advanced malware, Fireball, takes control target browsers and transforms them into zombies.

Security specialists from Check Point Threat Intelligence and research team recently discovered this high volume attack.

It has two important Functions:

  • An ability to run any code on victim computers.
  • Downloading any file or malware, and hijacking and manipulating infected users’ web traffic to generate ad revenue.

This operation is controlled by Rafotech, a big digital marketing company situated in Beijing and their principle inspiration is to Boost income with Advertisements.


Fireball has a high Volume distribution which infected more than 250 million PCs around the world, and 20% of corporate systems.

Top Infected Countries

  • 25.3 million infections in India (10.1%).
  • 24.1 million in Brazil (9.6%).
  • 16.1 million in Mexico (6.4%).
  • 13.1 million in Indonesia (5.2%).
  • 5.5 million United States (2.2%).
Likewise, with different sorts of malware, there are numerous paths for Fireball to spread.This Adware distributed bundling via other freeware distributors.

Checkpoint suspects Deal Wifi and Mustang Browser as the Most prominent vectors, Moreover, it is likely that Rafotech is utilizing extra delivery techniques, for example, spreading freeware under fake names, spam, or even buying installs from threat actors.

The full distribution of Fireball is not yet known, but rather obviously it shows an outstanding danger to the worldwide digital global cyber community.

Execution flow

Fireball acts as a browser hijacker, in any case, it can be transformed into a full-working malware downloader. It controls user’s browsers and diverts them to fake web search engines.These fake search Engines have tracking pixel which gather’s users sensitive information.

Chinese Malware Fireball Infects More than 250 Million Computers
Execution Flow      Source: Checkpoint

It also has the ability to spy on victims, perform effective malware dropping, and execute any noxious code in the tainted machines, which can bring about a massive information breach.

Am I Infected

To check whether you are tainted open your browser and see that your Search Engine and default landing page are changed.

Also, cross with the number of browser add-ons you have installed, If there are no Changes then you are not infected with the adware.

If Infected How to remove

  • Windows users can simply uninstall the malware from their Control Panel.
    Control Panel ----> uninstall or Change program
  • Macintosh users are asked for to find and move applications to Trash and after that Trash should be cleared.

How to Stay Safe

You should be very cautious when installing new applications.

  • Always go for Custom installation.
  • Check for application Integrity.
  • Consider reading the privacy policy, don’t scroll out.


Also Read

Leave a Reply