Tuesday, June 18, 2024

Beware: Chinese Malware Fireball Infects More than 250 Million Computers around the Globe

Chinese threat operation which has infected more than 250 million PCs around the world. The advanced malware, Fireball, takes control target browsers and transforms them into zombies.

Security specialists from Check Point Threat Intelligence and research team recently discovered this high volume attack.

It has two important Functions:

  • An ability to run any code on victim computers.
  • Downloading any file or malware, and hijacking and manipulating infected users’ web traffic to generate ad revenue.

This operation is controlled by Rafotech, a big digital marketing company situated in Beijing and their principle inspiration is to Boost income with Advertisements.


Fireball has a high Volume distribution which infected more than 250 million PCs around the world, and 20% of corporate systems.

Top Infected Countries

  • 25.3 million infections in India (10.1%).
  • 24.1 million in Brazil (9.6%).
  • 16.1 million in Mexico (6.4%).
  • 13.1 million in Indonesia (5.2%).
  • 5.5 million United States (2.2%).
Likewise, with different sorts of malware, there are numerous paths for Fireball to spread.This Adware distributed bundling via other freeware distributors.

Checkpoint suspects Deal Wifi and Mustang Browser as the Most prominent vectors, Moreover, it is likely that Rafotech is utilizing extra delivery techniques, for example, spreading freeware under fake names, spam, or even buying installs from threat actors.

The full distribution of Fireball is not yet known, but rather obviously it shows an outstanding danger to the worldwide digital global cyber community.

Execution flow

Fireball acts as a browser hijacker, in any case, it can be transformed into a full-working malware downloader. It controls user’s browsers and diverts them to fake web search engines.These fake search Engines have tracking pixel which gather’s users sensitive information.

Chinese Malware Fireball Infects More than 250 Million Computers
Execution Flow      Source: Checkpoint

It also has the ability to spy on victims, perform effective malware dropping, and execute any noxious code in the tainted machines, which can bring about a massive information breach.

Am I Infected

To check whether you are tainted open your browser and see that your Search Engine and default landing page are changed.

Also, cross with the number of browser add-ons you have installed, If there are no Changes then you are not infected with the adware.

If Infected How to remove

  • Windows users can simply uninstall the malware from their Control Panel.
    Control Panel ----> uninstall or Change program
  • Macintosh users are asked for to find and move applications to Trash and after that Trash should be cleared.

How to Stay Safe

You should be very cautious when installing new applications.

  • Always go for Custom installation.
  • Check for application Integrity.
  • Consider reading the privacy policy, don’t scroll out.

Also Read


Latest articles

Singapore Police Arrested Two Individuals Involved in Hacking Android Devices

The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for...

CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by...

Europol Taken Down 13 Websites Linked to Terrorist Operations

Europol and law enforcement agencies from ten countries have taken down 13 websites linked...

New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems

Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data.ARM's...

Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users

A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...

Hackers Employing New Techniques To Attack Docker API

Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles