Slashdot Mirror


Chinese 'Fireball' Malware Infects Nearly 250 Million Computers Worldwide (thehackernews.com)

Check Point researchers have discovered a massive malware campaign, dubbed Fireball, that has already infected more than 250 million computers across the world, including Windows and Mac OS. The Fireball malware "is an adware package that takes complete control of victim's web browsers and turns them into zombies, potentially allowing attackers to spy on victim's web traffic and potentially steal their data," reports The Hacker News. From the report: Check Point researchers, who discovered this massive malware campaign, linked the operation to Rafotech, a Chinese company which claims to offer digital marketing and game apps to 300 million customers. While the company is currently using Fireball for generating revenue by injecting advertisements onto the browsers, the malware can be quickly turned into a massive destroyer to cause a significant cyber security incident worldwide. Fireball comes bundled with other free software programs that you download off of the Internet. Once installed, the malware installs browser plugins to manipulate the victim's web browser configurations to replace their default search engines and home pages with fake search engines (trotux.com). "It's important to remember that when a user installs freeware, additional malware isn't necessarily dropped at the same time," researchers said. "Furthermore, it is likely that Rafotech is using additional distribution methods, such as spreading freeware under fake names, spam, or even buying installs from threat actors."

12 of 66 comments

  1. Re:So, uhhh by hcs_$reboot · · Score: 5, Funny

    You should see an icon (bottom left) click on it, and click "About". If you see "wIndows" anywhere, you're infected.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  2. Yet another reason to surf in VMs by JoeyRox · · Score: 3, Informative

    Congratulations on compromising my Virtual Machine. I will one-click delete you now.

  3. MacOS target by manu0601 · · Score: 2, Informative

    Hacker News's story notes MacOS is a target, but that information cannot be found in the Checkpoint blog.

    The infection involves installation of plugins from Chrome. Is that native code? If it is the case, it is unlikely that multiple targets are maintained, as it costs money.

    1. Re:MacOS target by gravewax · · Score: 2

      Considering checkpoint has instructions at the bottom of the article for uninstall from MacOS and they state clearly it has multiple packaging methods I would say you simply didn't actually read the checkpoint report.

  4. Re: Time for the EU to put sanctions on China by Narcocide · · Score: 4, Insightful

    No, dude. The criminals have their own astro-turfing moderators. If you registered you'd know everyone gets to moderate. The moderation used to overall still reflect the will of the community because even the assholes were still acting in good faith.

  5. Old news? by Altrag · · Score: 5, Informative

    Sounds like it's just Banzai Buddy 2.0..

    Unless there's something TFA is glossing over, it sounds like fairly standard adware.. they even state that it safely goes away when you uninstall the offending container software, making it actually less obnoxious than Banzai Buddy and his friends from a decade ago.

  6. Calm down by TheOuterLinux · · Score: 5, Interesting

    Fireball is literally no different than the ad-based crap Window$ pushes. It's not harmful on its own but can be used maliciously. Though, I doubt anyone really read the source. Fireball is a Chinese thing. Do you get your freemium software from Chinese websites? If you are a Slashdotter, then hopefully not, or you're a sadomasochist/complete moron. This is nothing more than a clever scare brought on by Micro$oft to get people on the M$ store bandwagon. Just learn to use FOSS applications. I know it's unjustifiably painful for whatever reason for Window$ users to not pay for things that are developed by hundreds of collaborators with source code to look at, but it won't actually hurt you.

  7. Re:Time for the EU to put sanctions on China by AHuxley · · Score: 2

    The Communist party has a few fears. That MI6, the CIA, NSA, GCHQ have set up secure communications networks with dissident groups in China.
    The only way China can be sure is to test every connection into and out of China from both directions. The network activity often seen is just the seeking of a network origin. Is it a VPN, encrypted, how does the server respond. It's the only way China can really understand what someone connected to from China. A constant real time mapping of the internet to find encryption efforts to/from China.

    --
    Domestic spying is now "Benign Information Gathering"
  8. Re: So, uhhh by hunter44102 · · Score: 3, Informative

    Did you read the article? This will indeed install on your patched systems because it comes as a payload with freeware software that the users install. So Malwarebytes is exactly what is needed to find and remove it.

  9. Re:So, uhhh by mreed911 · · Score: 3, Funny

    "Back in my days as a video game white-hat tester I wrote a python script. After much refactoring, it now logs in to every box through a client listener socket I have open on each workstation, and checks to make sure everything is patched." So you have homegrown python code listening on a custom socket and that has the ability to do administrative things on the computer? I see... tell me more about this setup, please... in the interest of "science."

  10. Re:So, uhhh by phantomfive · · Score: 2

    If you're patched up to the latest, you're not getting infected

    This is absolutely not true. A zero-day is by definition a vulnerability that is not yet known to the software vendor, so no patch can exist, and yet hackers can know about it.

    We've actually seen examples where Microsoft hasn't patched security flaws, and the flaw was being exploited by hackers. Here is one example, there are plenty.

    --
    "First they came for the slanderers and i said nothing."
  11. Re:So, uhhh by LostMyBeaver · · Score: 2

    We all know you started as a video game tester. 95% of your posts mention your entire history, high school grades included.

    You still didn't get the joke either. Mreed911 said something pretty much any competent IT guy would find hilarious and you either didn't read it or didn't get it.

    People might stop attacking you and stop teasing you if you stopped calling everyone names (about 70% of your posts, 50% when you specifically initiate aggression). They might respect you more if you don't self-aggrandize with your resume which on slashdot, isn't particularly impressive. Or if, knowing we all have a general assessment of your skills and experience, stopped making comments about how you would take it upon yourself to engineer things like dynamos for running shoes if you had the time when it would require things like expertise in mechanical engineering, miniaturization, polymers, ohh... and running shoe engineering which I assume are all outside of your skill-set with the possible exception of mechanical engineering on a hobbyist scale.

    Over the past five years, I've slowly learned that pointing out problems without attempting to offer a meaningful solution is a waste of time. If you don't have an answer or something meaningful to contribute, making the comment in the first place simply makes people hate you. So, in an effort to get people to hate me less, I've been trying to change myself.

    You mention a triple whammy. 47 + 350lb and 50k income. Based on this description, one would generally assess that you're screwed. Age, you're still young. 50 is the new 40. You have time to work with. I never hit 350lbs, so I can't possibly understand or even relate to your situation, but a few years back, I made it up to 200lbs (my comfort weight is 165). When I went to the store and smiled at the girl and she responded by telling me I would have to start shopping at places which specialize in "big boys". I realized I was old enough that she thought of me as her father and I was fat. 4 months later, I went back weighing in at 163 with a 31" waist line. During the time since then I've learned a great deal about humans in a meaningful way.

    Men ... especially IT guys have really short attention spans. If we can't solve the problem quickly... while we're on a roll, we lose interest.
    We tend to set goals for ourselves which are somewhat unrealistic and hope that we make it through before losing interest and hope no one notices when we give up and we spend a lot of energy coming up with great excuses for why it's ok we gave up.
    It's generally all about momentum, we think all problems have to be solved the way we send rockets to the moon. Stick enough fuel into the first stage of the rocket and break free of earth's atmosphere and all we'll need is some course correction to get there. The bitch of it is, most problems don't have a point where we can break free of gravity and friction.

    Another thing I learned about when I was younger was poverty.

    You've heard people make the comment "If he's so poor, how come he always seems to have enough money for food... fat ass"?

    Obesity is inversely correlated to income bracket for a reason. The poorer you are the fatter you tend to become. An IT guy with IT guy interests generally tends to prioritize toys over food and as a result a $50k income can be equal to a $20k + welfare/foodstamps income. The only difference being that with some financial planning/responsibility, $50k can actually make ends meet... barely.

    How does this matter? That's easy, you and I were among the last people in America to take Home Economics in high school and what's worse is that we both were of a generation where mommy going back to work was something cute and short-term. We didn't take the class seriously. We never learned the important things about managing a household. In addition, I know I've never vacuumed under the couch in my life. I suck at it.

    Important things about managing a house.
    1) Plan your meals
    2) Meal pl