Cyber-Security Firm CheckPoint Unmasks Rafotech, the Chinese Firm Behind the Pervasive Fireball Adware

Israeli cyber-security powerhouse, CheckPoint, has recently shed light on a pervasive piece of adware that may be lurking unnoticed in over 250 million computers worldwide. The firm claims that Fireball, the invasive adware responsible, can be traced back to a Chinese digital marketing firm known as Rafotech.

Rafotech allegedly developed this adware to forcibly hijack browsers, redirecting traffic towards counterfeit search engines. As intrusive as Fireball may be, it doesn’t function in the same manner as more notorious forms of malware, such as the WannaCry ransomware. Rather than locking you out of your own computer, Fireball manipulates search algorithms to generate ad revenue illegally.

Fireball seamlessly integrates itself into the user’s browsing experience under the guise of a legitimate software installation, offering no option for exclusion. This sneaky delivery method allows it to exploit Google and Yahoo’s affiliate programs, feeding traffic to imposter search engines and generating a tidy profit for Rafotech in the process.

CheckPoint’s research reveals a staggering 250 million potential Fireball infections worldwide, with India (25.3 million), Brazil (24.1 million), Mexico (16.1 million), and Indonesia (13.1 million) bearing the brunt of the impact. Presently, the United States accounts for around 5.5 million infections, or a meager 2.2% of the global total.

But the saga doesn’t end with adware, CheckPoint suspects that Fireball could also double up as a trojan, opening the floodgates to an arsenal of malware attacks on the affected computer systems. If it can indeed hijack a browser, it may also be capable of gaining access to critical operating system files. This theoretical capability means that the perpetrators could gradually gain control over your files, potentially introducing malicious infections or even prematurely locking you out of your own system.

As per CheckPoint’s global sensors, 20% of all corporate networks have been affected. The infection rates in the US (10.7%) and China (4.7%) are staggering; however, Indonesia (60%), India (43%), and Brazil (38%) document even more concerning rates.

In an unexpected twist, some of the sham search engines that Fireball redirects its victims to actually rank impressively high on Alexa. According to CheckPoint: “Another indicator of the incredibly high infection rate is the popularity of Rafotech’s fake search engines. According to Alexa’s web traffic data, 14 of these fake search engines are among the top 10,000 websites, with some of them occasionally reaching the top 1,000.”

How can you safeguard against adware like Fireball? One worthwhile precaution is remaining wary of free software available online. Equipping your system with up-to-date antivirus software and scheduling regular scans can also help fend against such threats. If you suspect your computer may have been compromised by Fireball, seek expert assistance or try installing a reputable antivirus program. Thankfully, Fireball’s impact, while significant, hasn’t reached the devastating scale of a WannaCry outbreak.

Featured Image: CNN