Beijing police officers have arrested 11 individuals in connection with the Fireball malware that had infected hundreds of millions of machines as of 2017.
On 3 June 2017, law enforcement in the Haidian district of Beijing received a tip from someone operating under the pseudonym “Zhang Ming.” That individual alerted the Beijing Public Security Bureau Network Security Corps to free software possibly containing the code for Fireball, an updated form of the ELEX adware which is capable of not only hijacking users’ browsers but also running any code on an infected machine.
All the program needs to do is first trick a user into installing it. Its creator, presumably a Chinese digital marketing agency called Rafotech, accomplished this task by bundling Fireball with its other products.
Beijing’s law enforcement officers needed to see this for themselves.
Haidian police ran the suspect freeware on a simulation system. According to an English translation of a Sohu article, Fireball did rear its ugly head, thereby confirming that Rafotech had indeed incorporated the malware into its freeware.
Law enforcement subsequently traced the location of Rafotech and arrested 11 of its employees. Those individuals have since “admitted the facts” pertaining to their software.
As of June 2017, Fireball had claimed 250 million users worldwide and had affected one out of every five corporate networks. The malware is believed to have generated 80 million yuan in 2016 alone.
To protect themselves against threats like Fireball, it’s imperative that users think twice before they install freeware on their computers. It’s rare that anything is ever truly “free”. So when a developer releases a “free” program, rest assured there is a good chance they’re making money off it somehow… perhaps in a way that undermines users’ privacy and security.
At the very least, users should download software only from trusted developers on respected marketplaces. They should not install programs from unknown locations and from people they don’t know.