Jun 05, 2017 06:10 AM EDT
The WannaCry Ransomware attack that affected 200,000 computer systems in mid-May appears miniscule compared to a new Chinese malware. “Fireball” has infected over 250 million computers across the world, mostly in India, Mexico, and Brazil. It is also found in 20 percent of corporate networks.
Forbes reports that Check Point, a security company that discovered “Fireball,” considers the incident as likely the largest infection operation in history. It was created by Rafotech, an advertising company in Beijing as a malevolent software to generate fake clicks and traffic for the company. If the malware is installed, it redirects the browser of the user to websites that mimic Yahoo or Google search homepages. These fake pages secretly gather private information on the user through tracking pixels.
Since “Fireball” has the ability to execute commands remotely, such as downloading more malicious software, it could, in theory, go beyond ad-scamming. The malware could sell harvested data or use infected computers into a botnet with a powerful destructive power that goes beyond national borders.
Many of the computers infected with “Fireball” got it through a free software bundled with Rafotech’s code. These are Soso Desktop and FVP Imageviewer, although these two free apps are not popular or recognizable to U.S. computer users, Wired notes.
However, “Fireball” still managed to infect 5.5 million computers in the U.S. In the UK, the infection rate is 9.3 percent of corporate networks, while it is 9.75 percent in Germany, and 18 percent in France.
Maya Horowitz, the head of Check Point’s research team, explains that “Fireball” installs a backdoor into the computers that are very easily exploited in the hands of the Chinese company behind the campaign. The malware infections were traced by Check Point to Rafotech by analyzing the domains of the command and control servers which the malware links back to.