250 Million Computers Around the World Infected by Fireball Malware

A New Android Exploit has the Ability to Hide Malicious Activity

A massive malware infection was discovered by the security firm called Check Point. The researchers claim that it originates in China, and that its destructive potential is huge. The malware, called ‘Fireball’, has infected over 250 million computers, and it’s estimated that it has established a presence on around 20% of the corporate networks. So far, major infection centers were detected in Mexico, India, and Brazil.

The infection is so great that Check Point even goes as far as naming it the largest operation in history. Further investigation has uncovered that the software mostly generates fake clicks and that its creator and controller is the advertising firm from Beijing called Rafotech.

After the malware is installed, it mostly redirects the user’s browser to certain websites that are made to look like Yahoo and Google search pages. The fake pages then use the method called tracking pixels to gather as many of the users’ private data as possible.

However, Fireball can do even more, and it has the ability to remotely execute different commands, which include the download of even more malware.

The people controlling the malware could go from ad-scams, to private data collection, and even to creating the world’s greatest botnet with the amount of destructive power that was never seen on the internet before. There were many botnets that were much smaller than  Fireball and were still powerful enough to cause some major damage via DDoS attacks, spamming campaigns and alike.

One of such botnets was the infamous Mirai botnet, which managed to deny the internet service to millions during the attack that happened in last December. It was estimated that the attack had around 120,000 devices as part of the botnet, and those mostly included connected cameras, routers and alike. Now remember that Fireball has managed to collect 250 million PCs. The amount of power that such a botnet could have, as well as the potential of its attacks,  is unimaginable.

Check Point predicts another scenario, which is a little less apocalyptic, but still very bad. According to them, Rafotech might collect and sell all of the mass-harvested data that Fireball can gather. That would include credit card numbers, business patents and plans, as well as any other sort of private information that was ever posted on anything with internet access. All of that could be stolen and sold to the highest bidder.

Check Point claims that Rafotech has the power that could ignite a global catastrophe and that the potential loss is indescribable. The security company says that Fireball is hiding as a part of another software, which allows it to get downloaded without the knowledge of the user. Some examples of the infected software are FVP Imageviewer and Soso Desktop. If you discover that your browser has a new homepage, that’s the clear sign that your device is infected. You can find instructions on how to eliminate the infection on Check Point’s recent post.

According to their analysis, what Rafotech is doing doesn’t follow the criteria that would allow these actions to be seen as legal. This includes the nature of the malware, the fact that it can’t be uninstalled, as well as the fact that it’s hiding its true nature and even its connection to Rafotech.

Rafotech’s website is currently offline, but it still has the archived version. On it, the researchers found claims about them offering ‘strong anti-spamming system’, as well as connection to games called Casual Warrior, and Cutie Clash. The users should probably avoid using such software, as well as anything else from Rafotech.