Check Point has given the name Fireball to malware that targets web browsers for advertising purposes but can also serve as a backdoor

Check Point has given the name Fireball to malicious software that targets web browsers for advertising purposes but can also serve as a backdoor.

Beyond their ability to modify certain web browser settings, the malicious programs known as "browser hijackers" can also act as a backdoor ... open to all risks.
This is the main lesson from a report that Check Point's teams have published about a Chinese piece of malware they have called "Fireball".
Fireball falls squarely into the category of browser hijackers. According to the Israeli security solutions provider, it has infected 250 million machines (10.1% in Brazil, 9.6% in India) and 20% of the corporate networks in the world.
The Beijing-based digital marketing agency Rafotech is said to exploit it for click fraud. It reportedly uses Fireball to change the home pages and search engines of its victims' browsers, in favor of a fake engine equipped with a tracking pixel for data collection.
The malware is often present on new machines. Its installation is triggered the first time the user opens applications distributed by Rafotech (Deal Wifi, Mustang Browser ...) or by third-party publishers (Soso Desktop, FVP Image Viewer ...), which are widely identified as viruses.

Open doors

Legal distribution or not? In the adware domain, the line is blurry. For Check Point, the question does not arise here: not only because Fireball's true nature is not disclosed to the end user, for whom uninstalling it is moreover difficult, but also because there is no clear link to Rafotech.
According to the Israeli publisher, it is not impossible that the digital marketing agency relies on other levers, among them arrangements worked out with suppliers of security solutions.
While the modules and configuration files that Fireball retrieves serve to refine its advertising fraud, it is, in principle, able to retrieve any code from its dynamic control server and then run it. That is the point at which adware becomes a much more serious threat.
Links probably exist with other Chinese companies, such as ELEX Technology (Internet services), whose YAC software ("Yet another cleaner") seems to be used to install Fireball on some machines.
