China has long been known as a country that harbors hackers and virus makers. Traditionally, these were individual users and bot farms that created malware to hack systems worldwide. It now turns out that a Chinese digital advertising agency has joined the fray by creating a virus called “Fireball”.
Spying for ad revenue
A Beijing-based digital advertising company called Rafotech recently created this malware to generate profits for itself. Security experts have said that the Fireball malware can target your computer and run malicious code that can be used to spy on you. Fireball also uses your computer to generate fake clicks on random and malicious websites.
Rafotech owns several websites which are fake search engines. Therefore, whenever an advertisement on these websites is clicked by a user, Rafotech makes money out of that.
Therefore, to maximize their ad revenues, Rafotech created this Fireball virus which is estimated to have infected over 250 million computers worldwide already.
Once it infects your computer, Fireball redirects any queries to search engines like Google to its fake search websites. Once you land on these websites, the malware generates fake clicks from your browser on the advertisements that run there.
As the company uses digital certificates for this Fireball virus, it has managed to evade blocking and detection techniques employed by websites and security programs. The magnitude of the problem is so big that security experts estimate that Fireball has already infected over 20% of corporate systems worldwide.
Once it installs on your computer, Fireball sticks around and remains undetected, which provides Rafotech with a captive user base every time it wishes to generate ad revenue through fake clicks.
Surprisingly, India has been among the worst-affected countries, with over 25.3 million systems already considered to be infected by the Fireball virus.
The threat from the Fireball malware is even greater because it can access your personal information, passwords, and even credit card data. While it seems that Rafotech has used it only for fake ad clicks until now, there’s no guarantee that the company will not try to hack your personal information and use it for its own profit.
The first thing that users need to do is avoid any products or apps made by Rafotech. Some of these include Mustang Browser, Soso desktop, Deal Wifi, FVP Image viewer etc. If you’ve recently clicked on any of these programs, chances are that your system is already infected with the Fireball malware.
The problem is made more complicated by the fact that Rafotech has tied up with other producers of free software and apps on the internet. As a result, some free programs available on the internet from lesser-known companies might also be a medium for spreading the Fireball malware.
For starters, we would advise all users to refrain from installing programs and apps from unknown companies, especially if they’re free. Always stick to tried and trusted companies that are globally famous when installing new programs.
In case your computer has already been infected by Fireball, here are some detailed instructions for cleaning it up.
We would also advise users to refrain from clicking on unknown links, websites, and advertisements in order to prevent their systems from getting affected by Fireball and other similar malware.
As hackers get increasingly creative, the only way to defend against them is through greater cybersecurity and knowledge. With regard to users, it is important that you stay vigilant and ensure that you never click on unknown websites that don’t look genuine or install apps that seem to be made by smaller or unknown Chinese developers.