Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chinese 'Fireball' Malware Infects Nearly 250 Million Computers Worldwide (thehackernews.com)

Posted by BeauHD on from the cinnamon-whisky dept.

Check Point researchers have discovered a massive malware campaign, dubbed Fireball, that has already infected more than 250 million computers across the world, including Windows and Mac OS. The Fireball malware "is an adware package that takes complete control of victim's web browsers and turns them into zombies, potentially allowing attackers to spy on victim's web traffic and potentially steal their data," reports The Hacker News. From the report: Check Point researchers, who discovered this massive malware campaign, linked the operation to Rafotech, a Chinese company which claims to offer digital marketing and game apps to 300 million customers. While the company is currently using Fireball for generating revenue by injecting advertisements onto the browsers, the malware can be quickly turned into a massive destroyer to cause a significant cyber security incident worldwide. Fireball comes bundled with other free software programs that you download off of the Internet. Once installed, the malware installs browser plugins to manipulate the victim's web browser configurations to replace their default search engines and home pages with fake search engines (trotux.com). "It's important to remember that when a user installs freeware, additional malware isn't necessarily dropped at the same time," researchers said. "Furthermore, it is likely that Rafotech is using additional distribution methods, such as spreading freeware under fake names, spam, or even buying installs from threat actors."

4 of 66 comments (clear)

  1. Yet another reason to surf in VMs by JoeyRox · · Score: 3, Informative

    Congratulations on compromising my Virtual Machine. I will one-click delete you now.

  2. MacOS target by manu0601 · · Score: 2, Informative

    Hacker News's story notes MacOS is a target, but that information cannot be found in Checkpoint blog.

    The infection involves installation of plugins from Chrome. Is that native code? If it is the case, it is unlikely that multiple targets are maintained, as it costs money

  3. Old news? by Altrag · · Score: 5, Informative

    Sounds like its just Banzai Buddy 2.0..

    Unless there's something TFA is glossing over, it sounds like fairly standard adware.. they even state that it safely goes away when you uninstall the offending container software, making it actually less obnoxious than Banzai Buddy and his friends from a decade ago.

  4. Re: So, uhhh by hunter44102 · · Score: 3, Informative

    Did you read the article? This will indeed install on your patched systems because it comes as a payload with freeware software that the users install. So Malwarebytes is exactly what is needed to find and remove it.