Cyber Crime

Chinese Police dismantled the behind the Fireball adware campaign that infected more than 250 Million PCs

Chinese authorities arrested eleven members of the gang behind the Fireball adware campaign that infected more than 250 Million PCs.

Chinese police have identified and arrested individuals suspected to be the operators behind the massive adware campaign that infected more than 250 Million computers across the world earlier this year.

In June, researchers at security firm Check Point discovered the massive campaign spreading the Fireball malware. The malicious code was infecting both Windows and Mac OS systems, it can be used by attackers to gain full controls of the victim’s web browsers, to spy on the victims and exfiltrate user data.

The adware is disguised as a legitimate software and leverages browser plug-ins to boost its own advertisements.

Fireball malwareFireball malware

The researchers associated the campaign with the operation of the Chinese firm Rafotech that is a company that officially offers digital marketing and game apps to 300 million customers.

Chinese media outlets reported eleven Rafotech employees arrested by local police, including executives. It seems that the authorities arrested the suspects in June shortly after the publication of the report.

The Chongqing Morning News confirmed that the president, the technical director, and an operations director were arrested by the Chinese Police.

According to the state-owned outlet “Sixth Tone,” the click-fraud netted 80 million yuan, nearly US$12 million.

The Beijing Municipal Public Security Bureau Haidian Branch Network Security Brigade was informed by someone working under the pseudonym Zhang Ming, then the authorities monitored the Fireball campaign tracking its operators.

The individuals have allegedly “admitted the facts,” they were responsible for the campaign that launched around 2015 when the Rafotech setup the advertising fraud.

According to Beijing Youth Daily, the Fireball adware did not infect Chinese users to avoid being investigated by local authorities.

To check the presence of the malware on your systems open your web browser and try to reply the following questions:

  1. Did you set your homepage?
  2. Are you able to modify your browser’s homepage?
  3. Are you familiar with your default search engine and can modify that as well?
  4. Do you remember installing all of your browser extensions?

To uninstall the adware just remove the respective application from the machine and reset to default settings for your browser.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  (Fireball, adware)

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cloudflare blocked a record-breaking 5.6 Tbps DDoS attack

Cloudflare announced that it has blocked a record-breaking 5.6 terabit-per-second (Tbps) distributed denial-of-service (DDoS) attack.…

4 minutes ago

A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature

A vulnerability in the 7-Zip file software allows attackers to bypass the Mark of the…

1 hour ago

Former CIA analyst pleaded guilty to leaking top-secret documents

A former CIA analyst, Asif William Rahman, pleaded guilty to leaking top-secret National Defense Information…

11 hours ago

New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers

Researchers warn of a campaign exploiting AVTECH IP cameras and Huawei HG532 routers to create…

17 hours ago

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

CERT-UA warned of scammers impersonating the agency, using fake AnyDesk requests to conduct fraudulent security…

21 hours ago

Experts found multiple flaws in Mercedes-Benz infotainment system

Kaspersky researchers shared details about multiple vulnerabilities impacting the Mercedes-Benz MBUX infotainment system. Kaspersky published…

1 day ago