Fireball Malware Infects 250 Million Computers Worldwide | Cyberops

By Prempal Singh, June 3, 2017

A Chinese digital marketer is to blame for the spread of malware called Fireball that reportedly has turned 250 million web browsers into ad-revenue creating “zombies” and infected 20 percent of corporate sites around the world.

The malware hijacks browsers and generates earnings for a Beijing-based digital marketing organization called Rafotech, said Check Point Software Technologies, which made the claim in a report published Thursday. Check Point calls this “possibly the most significant contamination procedure in history,” and added that it can be turned into a distributor of any other malware family.

“Fireball has two main functions: the ability to operate any code on sufferer computers, downloading any file or malware, and hijacking and manipulating infected users’ web traffic to generate ad revenue,” Check Point said. “Currently, Fireball installs plugins and additional configurations to increase its advertisements, while it can easily turn into a prominent distributor for almost any additional malware.”

Rafotech, according to researchers, is using Fireball to change victims’ browsers to make money via advertising. Rafotech denies any wrongdoing, Check Point said. Rafotech’s goal is to configure a target’s browser homepage and default Internet search engine with “fake search results,” Check Point said. That search engine’s pages would also include tracking pixels, used to accumulate the users’ private information. User search queries are then rerouted to Yahoo or Google.

“Fireball has the capability to spy on the sufferer, perform efficient malware falling, and execute any harmful code in the contaminated machines; this creates a massive security flaw in targeted machines and systems,” researchers said.

According to Check Point, victims are infected with Fireball via stealth installs bundled with desirable Rafotech software such as Deal Wifi, Mustang Browser, Soso Desktop and FVP Image viewer. Additionally, it has been distributed via third-party freeware and spam campaigns.

“It’s important to remember that when a user installs freeware, additional malware isn’t necessarily decreased at the same time. In case you download a dubious freeware and nothing happens on the spot, it shouldn’t necessarily mean that something isn’t happening behind the scenes,” Check Point wrote.

Researchers also think Rafotech has bought computer installs for Fireball from others known for their questionable download tactics. As what Check Point said was a good example of such activity, it provided a screenshot of a solicitation by a user with a @rafotech.com email address on an advertising community forum stating “Looking to Acquire Plenty of Desktop PPI Traffic/Installs,” adding “we are looking for massive volume installations.”

Rafotech’s distribution methods appear to be bogus and don’t follow standard advertising standards for it to be considered naive or legal, researchers said. “The malware and the fake search engines avoid carrying indicators connecting these to Rafotech, they cannot be uninstalled by a common user, and so they conceal their true nature,” they wrote.

Geographically, the hardest hit so far are India, with 10 percent of infections, Brazil and South America; the United States represents 2.2 percent of infections.

Source: threatpost.com
