11 arrested in Chinese Fireball malware investigation

But other attackers are still out there…

David Bisson (@DMBisson)

Beijing police arrest 11 individuals in Fireball malware investigation

Beijing police officers have arrested 11 individuals in connection with the Fireball malware, which had infected an estimated 250 million machines worldwide as of mid-2017.

On 3 June 2017, law enforcement in the Haidian district of Beijing received a tip from someone operating under the pseudonym “Zhang Ming.” That individual alerted the Beijing Public Security Bureau Network Security Corps to free software that possibly contained the code for Fireball, an updated form of the ELEX adware that not only hijacks users’ browsers but can also run arbitrary code on an infected machine.

All the program needs to do is first trick a user into installing it. Its creator, presumably a Chinese digital marketing agency called Rafotech, accomplished this by bundling Fireball with its other products, so that anyone installing the company’s freeware received the malware along with it.


Beijing’s law enforcement officers needed to see this for themselves.

Haidian police ran the suspect freeware in an isolated test environment and observed what it did to the system. According to an English translation of a Sohu article, Fireball did rear its ugly head, confirming that Rafotech had indeed incorporated the malware into its freeware.
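The check the police performed is, in essence, a before-and-after comparison of a sandboxed machine: snapshot the things a browser hijacker tends to touch, run the installer, snapshot again and look at what changed. The following is an added example (not code from the original article, from the police or from any named tool) of that comparison in Python. The snapshot structure, the `.invalid` domain and the “before” and “after” data are constructed for illustration; on a real host you would populate them from the registry autorun keys, the browser preference files, the listening sockets and file hashes.

```python
"""Before/after snapshot diff for a suspect installer run in a sandbox (added example).

The data below is constructed. HIJACK_INDICATORS names the kinds of change
that a browser hijacker such as Fireball produces (browser settings rewritten,
persistence added); other changes are reported but not treated as decisive.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    browser: dict            # browser setting name -> value
    autoruns: dict           # autorun entry name -> command line
    listening_ports: frozenset
    file_hashes: dict        # path -> sha256 hex digest


def diff_snapshots(before: Snapshot, after: Snapshot) -> list:
    """Return (kind, item, old, new) tuples for every difference found."""
    findings = []
    # 1. Browser settings: a hijacker rewrites home page / default search.
    for key in sorted(set(before.browser) | set(after.browser)):
        old, new = before.browser.get(key), after.browser.get(key)
        if old != new:
            findings.append(("browser_setting_changed", key, old, new))
    # 2. Persistence: new or altered autorun entries.
    for name, cmd in sorted(after.autoruns.items()):
        if name not in before.autoruns:
            findings.append(("autorun_added", name, None, cmd))
        elif before.autoruns[name] != cmd:
            findings.append(("autorun_changed", name, before.autoruns[name], cmd))
    # 3. Network: ports that were not listening before the install.
    for port in sorted(after.listening_ports - before.listening_ports):
        findings.append(("port_opened", str(port), None, str(port)))
    # 4. Files: added, removed or modified, by hash.
    for path in sorted(set(before.file_hashes) | set(after.file_hashes)):
        old, new = before.file_hashes.get(path), after.file_hashes.get(path)
        if old is None:
            findings.append(("file_added", path, None, new))
        elif new is None:
            findings.append(("file_removed", path, old, None))
        elif old != new:
            findings.append(("file_modified", path, old, new))
    return findings


HIJACK_INDICATORS = {"browser_setting_changed", "autorun_added", "autorun_changed"}


def looks_like_hijacker(findings: list) -> bool:
    """True if any finding is of a kind characteristic of a browser hijacker."""
    return any(kind in HIJACK_INDICATORS for kind, *_ in findings)


# --- constructed sample snapshots (not real data) -------------------------
FREETOOL_PATH = r"C:\Program Files\FreeTool\freetool.exe"
UPDATER_PATH = r"C:\Users\user\AppData\Roaming\Updater\updater.exe"
ONEDRIVE_CMD = r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

BEFORE = Snapshot(
    browser={"homepage": "https://www.example.com/",
             "default_search": "https://search.example.com/?q={query}"},
    autoruns={"OneDrive": ONEDRIVE_CMD},
    listening_ports=frozenset({135, 445}),
    file_hashes={FREETOOL_PATH: "aa" * 32},
)
AFTER = Snapshot(
    browser={"homepage": "http://search.hijack.invalid/",
             "default_search": "http://search.hijack.invalid/?q={query}"},
    autoruns={"OneDrive": ONEDRIVE_CMD, "UpdateService": UPDATER_PATH},
    listening_ports=frozenset({135, 445, 49152}),
    file_hashes={FREETOOL_PATH: "aa" * 32, UPDATER_PATH: "bb" * 32},
)


def run_demo() -> list:
    """Diff the constructed snapshots and print a short verdict."""
    findings = diff_snapshots(BEFORE, AFTER)
    for kind, item, old, new in findings:
        print(f"{kind:24} {item}: {old!r} -> {new!r}")
    print("verdict:", "HIJACKER" if looks_like_hijacker(findings) else "no hijack indicators")
    return findings


if __name__ == "__main__":
    run_demo()
```

The decisive signals are the rewritten home page and default search and the new autorun entry; the opened port and dropped file are reported so an analyst can follow up, but on their own they are what any installer might do.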

Law enforcement subsequently traced the location of Rafotech and arrested 11 of its employees. Those individuals have since “admitted the facts” pertaining to their software.

As of June 2017, Fireball had infected an estimated 250 million machines worldwide and was present on one in five corporate networks. The malware is believed to have earned its operators 80 million yuan in 2016 alone.

To protect themselves against threats like Fireball, users should think twice before installing freeware. It is rare that anything is ever truly “free”: when a developer gives a program away, there is a good chance they are making money from it somehow, possibly in a way that undermines users’ privacy and security, as Rafotech’s bundling did.

At the very least, users should download software only from trusted developers through reputable distribution channels, and should not install programs from unknown sources or from people they do not know.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

One comment on “11 arrested in Chinese Fireball malware investigation”

  1. MikeOh Shark

    I have used some freeware for many years and never had a problem. Use freeware only from programmers who provide their name and whose software is vetted by the big download sites. Even then, you have to be careful and use programs that monitor changes to the registry, file changes, and changes to open ports.

    Now I use Linux. Most of it is free but I feel safe.

    “Avoid freeware” may be good advice for some, but I think it's mostly the bloated, high-priced software houses that benefit from this advice.
