Israeli cyber-security firm CheckPoint says a Chinese digital marketing company by the name Rafotech is behind a string of adware that may have their way to over 250 million computers worldwide. Rafotech is being accused of building a very intrusive adware that’s able to forcefully hijack your browser and redirect traffic to some fake search engines.
Being an adware, it doesn’t necessarily hijack your computer like the WannaCry ransomware for example but rather redirect search results using those fake search engines through Google and Yahoo’s affiliate programs which means the Chinese company gets the commission. So it’s all about earing ad revenue illegally.
Called Fireball, it is spread when an unsuspecting user is installing a legitimate software without the option to opt out at any time which is the means through which it forcefully redirects traffic worldwide to fake search engines.
CkeckPoint estimates that “over 250 million computers worldwide have been infected: specifically, 25.3 million infections in India (10.1%), 24.1 million in Brazil (9.6%), 16.1 million in Mexico (6.4%), and 13.1 million in Indonesia (5.2%). The United States has witnessed 5.5 million infections (2.2%).
Source: CheckPoint
Based on Check Point’s global sensors, 20% of all corporate networks are affected . Hit rates in the US (10.7%) and China (4.7%) are alarming;but Indonesia (60%), India (43%) and Brazil (38%) have much more dangerous hit rates.”
It gets more interesting because CheckPoint thinks the Fireball adware has trojan capabilities because it could very well allow the Chinese company to execute malware to a victim’s computer. It makes sense because if they can hijack your browser, it means they can also gain access to sensitive operating system files on your computer too which is where it gets scary. This means the attackers can eventually gain access to your files and subsequently infect them or even lock you out and demand a ransom.
Some of the sites Fireball redirects you to rank high on Alexa and as CheckPoint puts it, “Another indicator of the incredibly high infection rate is the popularity of Rafotech’s fake search engines. According to Alexa’s web traffic data, 14 of these fake search engines are among the top 10,000 websites, with some of them occasionally reaching the top 1,000.”
The best way to protect yourself is to be careful of free software online and have your anti-virus software up to date. If you think your computer may have been affected, you might want to try installing an antivirus or consult an expert to help out with this. Good thing it’s not at the brutal WannaCry stage.
Paul Balo is the founder of TechBooky and a highly skilled wireless communications professional with a strong background in cloud computing, offering extensive experience in designing, implementing, and managing wireless communication systems.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
