Chinese Police dismantled the gang behind the Fireball adware campaign that infected more than 250 Million PCs


Chinese authorities arrested eleven members of the gang behind the Fireball adware campaign that infected more than 250 Million PCs.

Chinese police have identified and arrested individuals suspected to be the operators behind the massive adware campaign that infected more than 250 Million computers across the world earlier this year.

In June, researchers at security firm Check Point discovered the massive campaign spreading the Fireball malware. The malicious code was infecting both Windows and Mac OS systems; attackers can use it to gain full control of the victim’s web browsers, to spy on the victims and to exfiltrate user data.

The adware is disguised as legitimate software and leverages browser plug-ins to boost its own advertisements.


The researchers associated the campaign with the operation of the Chinese firm Rafotech, a company that officially offers digital marketing and game apps to 300 million customers.

Chinese media outlets reported that local police arrested eleven Rafotech employees, including executives. It seems that the authorities arrested the suspects in June shortly after the publication of the report.

The Chongqing Morning News confirmed that the president, the technical director, and an operations director were arrested by the Chinese Police.

According to the state-owned outlet “Sixth Tone,” the click-fraud netted 80 million yuan, nearly US$12 million.

The Beijing Municipal Public Security Bureau Haidian Branch Network Security Brigade was informed by someone working under the pseudonym Zhang Ming; the authorities then monitored the Fireball campaign, tracking its operators.

The individuals have allegedly “admitted the facts”; they were responsible for the campaign, which launched around 2015 when Rafotech set up the advertising fraud.

According to Beijing Youth Daily, the Fireball adware did not infect Chinese users to avoid being investigated by local authorities.

To check for the presence of the malware on your systems, open your web browser and try to answer the following questions:

  1. Did you set your homepage?
  2. Are you able to modify your browser’s homepage?
  3. Are you familiar with your default search engine and can modify that as well?
  4. Do you remember installing all of your browser extensions?

To uninstall the adware, remove the respective application from the machine and reset your browser to its default settings.
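
The four questions above can be asked of many machines at once by reading each browser profile's settings file. The following is an added example, not part of the original article: it assumes a Chromium-style `Preferences` JSON layout (the key names, the sample profile and the allow-lists are constructed assumptions) and reports any homepage, startup page, search engine or extension that is not on an approved list.

```python
import json
from urllib.parse import urlparse

# Constructed sample, modelled on the layout of a Chromium "Preferences" file.
# Key names are assumptions; verify them against the browser build you audit.
SAMPLE_PREFS = json.loads("""
{
  "homepage": "http://search.example-portal.test/?src=hp",
  "session": {"startup_urls": ["http://search.example-portal.test/"]},
  "default_search_provider_data": {"template_url_data": {
      "short_name": "Example Search",
      "url": "http://search.example-portal.test/q?s={searchTerms}"}},
  "extensions": {"settings": {
      "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
          "manifest": {"name": "Approved Password Manager"}},
      "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
          "manifest": {"name": "Search Helper"}}}}
}
""")

def host(url):
    """Return the lowercase hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()

def audit_profile(prefs, allowed_hosts, approved_extensions):
    """Return (check, detail) findings for the homepage, startup pages,
    default search engine and installed extensions of one profile."""
    findings = []
    pages = [("homepage", prefs.get("homepage", ""))]
    pages += [("startup_url", u)
              for u in prefs.get("session", {}).get("startup_urls", [])]
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    pages.append(("search_engine", search.get("url", "")))
    for check, url in pages:
        if url and host(url) not in allowed_hosts:   # questions 1-3
            findings.append((check, host(url)))
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        if ext_id not in approved_extensions:        # question 4
            name = ext.get("manifest", {}).get("name", "<unnamed>")
            findings.append(("extension", f"{ext_id} ({name})"))
    return findings

if __name__ == "__main__":
    for check, detail in audit_profile(
            SAMPLE_PREFS, {"www.google.com"}, {"a" * 32}):
        print(f"REVIEW {check}: {detail}")
```

A finding is a prompt for the same manual review the questions describe, not proof of infection.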


Pierluigi Paganini

(Security Affairs – Fireball, adware)
