A Chinese digital marketer is to blame for the spread of malware called Fireball that reportedly has turned 250 million web browsers into ad-revenue generating “zombies” and infected 20 percent of corporate networks around the world.
The malware hijacks browsers and generates revenue for a Beijing-based digital marketing agency called Rafotech, said Check Point Software Technologies, which made the claim in a report published Thursday. Check Point called this “possibly the largest infection operation in history,” and added that Fireball can be turned into a distributor of any other malware family.
“Fireball has two main functions: the ability of running any code on victim computers–downloading any file or malware, and hijacking and manipulating infected users’ web-traffic to generate ad-revenue,” Check Point said. “Currently, Fireball installs plugins and additional configurations to boost its advertisements, but just as easily it can turn into a prominent distributor for any additional malware.”
Rafotech, according to researchers, is using Fireball to manipulate victims’ browsers to generate money via advertising. Rafotech denies any wrongdoing, Check Point said. Rafotech’s objective is to configure a target’s browser homepage and default search engine with a “fake search engine,” Check Point said. That search engine’s pages would also include tracking pixels, used to collect the users’ private information. User search queries are then redirected to Yahoo or Google.