Friday, October 4, 2024
HomeMalwareBeware: Chinese Malware Fireball Infects More than 250 Million Computers around the...

Beware: Chinese Malware Fireball Infects More than 250 Million Computers around the Globe

Published on

Chinese threat operation which has infected more than 250 million PCs around the world. The advanced malware, Fireball, takes control target browsers and transforms them into zombies.

Security specialists from Check Point Threat Intelligence and research team recently discovered this high volume attack.

It has two important Functions:

  • An ability to run any code on victim computers.
  • Downloading any file or malware, and hijacking and manipulating infected users’ web traffic to generate ad revenue.

This operation is controlled by Rafotech, a big digital marketing company situated in Beijing and their principle inspiration is to Boost income with Advertisements.

- Advertisement - EHA

Distribution

Fireball has a high Volume distribution which infected more than 250 million PCs around the world, and 20% of corporate systems.

Top Infected Countries

  • 25.3 million infections in India (10.1%).
  • 24.1 million in Brazil (9.6%).
  • 16.1 million in Mexico (6.4%).
  • 13.1 million in Indonesia (5.2%).
  • 5.5 million United States (2.2%).
Likewise, with different sorts of malware, there are numerous paths for Fireball to spread.This Adware distributed bundling via other freeware distributors.

Checkpoint suspects Deal Wifi and Mustang Browser as the Most prominent vectors, Moreover, it is likely that Rafotech is utilizing extra delivery techniques, for example, spreading freeware under fake names, spam, or even buying installs from threat actors.

The full distribution of Fireball is not yet known, but rather obviously it shows an outstanding danger to the worldwide digital global cyber community.

Execution flow

Fireball acts as a browser hijacker, in any case, it can be transformed into a full-working malware downloader. It controls user’s browsers and diverts them to fake web search engines.These fake search Engines have tracking pixel which gather’s users sensitive information.

Chinese Malware Fireball Infects More than 250 Million Computers
Execution Flow      Source: Checkpoint

It also has the ability to spy on victims, perform effective malware dropping, and execute any noxious code in the tainted machines, which can bring about a massive information breach.

Am I Infected

To check whether you are tainted open your browser and see that your Search Engine and default landing page are changed.

Also, cross with the number of browser add-ons you have installed, If there are no Changes then you are not infected with the adware.

If Infected How to remove

  • Windows users can simply uninstall the malware from their Control Panel.
    Control Panel ----> uninstall or Change program
  • Macintosh users are asked for to find and move applications to Trash and after that Trash should be cleared.

How to Stay Safe

You should be very cautious when installing new applications.

  • Always go for Custom installation.
  • Check for application Integrity.
  • Consider reading the privacy policy, don’t scroll out.

Also Read

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

DCRAt Attacking Users Via HTML Smuggling To Steal Login Credentials

In a new campaign that is aimed at users who speak Russian, the modular...

LummaC2 Stealer Leverages Customized Control Flow Indirection For Execution

The LummaC2 obfuscator employs a novel control flow protection scheme designed specifically for its...

Octo2 Android Malware Attacking To Steal Banking Credentials

The original threat actor behind the Octo malware family has released a new variant,...