
CheckPoint Says Chinese Marketing Firm Rafotech Behind Intrusive Fireball Adware That Has Infected Over 250m Computers


Israeli cyber-security firm CheckPoint says a Chinese digital marketing company named Rafotech is behind adware that may have found its way onto over 250 million computers worldwide. Rafotech is accused of building highly intrusive adware that can forcefully hijack your browser and redirect traffic to fake search engines.

Being adware, it doesn't necessarily hijack your computer the way the WannaCry ransomware does, for example. Instead, it redirects search results using those fake search engines through Google and Yahoo's affiliate programs, which means the Chinese company gets the commission. So it's all about earning ad revenue illegally.

Called Fireball, it is spread during the installation of legitimate software, with the unsuspecting user given no option to opt out at any time. That is the means through which it forcefully redirects traffic worldwide to fake search engines.

CheckPoint estimates that “over 250 million computers worldwide have been infected: specifically, 25.3 million infections in India (10.1%), 24.1 million in Brazil (9.6%), 16.1 million in Mexico (6.4%), and 13.1 million in Indonesia (5.2%). The United States has witnessed 5.5 million infections (2.2%).

Figure: Fireball infection flow (Source: CheckPoint)

Based on Check Point’s global sensors, 20% of all corporate networks are affected. Hit rates in the US (10.7%) and China (4.7%) are alarming; but Indonesia (60%), India (43%) and Brazil (38%) have much more dangerous hit rates.”

It gets more interesting: CheckPoint thinks the Fireball adware has trojan capabilities, because it could very well allow the Chinese company to execute malware on a victim’s computer. It makes sense, because if they can hijack your browser, they can also gain access to sensitive operating system files on your computer, which is where it gets scary. This means the attackers can eventually gain access to your files and subsequently infect them, or even lock you out and demand a ransom.

Some of the sites Fireball redirects you to rank high on Alexa. As CheckPoint puts it, “Another indicator of the incredibly high infection rate is the popularity of Rafotech’s fake search engines. According to Alexa’s web traffic data, 14 of these fake search engines are among the top 10,000 websites, with some of them occasionally reaching the top 1,000.”

The best way to protect yourself is to be careful with free software online and keep your anti-virus software up to date. If you think your computer may have been affected, you might want to try installing an antivirus or consult an expert to help out. Good thing it’s not at the brutal WannaCry stage.


Featured Image: CNN
