There are a lot of viruses on the Internet, and anyone can become a victim of them. Fortunately, security researchers don’t just sit around and watch them attack people: they’re constantly at work on solutions to existing threats and are always on the lookout for new ones. A new one, this time coming from China, has now been discovered. It’s called Fireball, and its numbers are absolutely staggering. More than 250 million computers worldwide have been infected by it, and this virus has managed to get inside at least 20% of corporate networks. The three areas that Fireball has affected the most are India (10.1% of the infections), Brazil (9.6% of the infections), and Mexico (6.4% of the infections). The United States has more than 5.5 million infections (2.2%).
This threat was discovered by the security firm Check Point, which says that it’s “possibly the largest infection operation in history.” Fireball is designed to generate fake clicks and web traffic for its creators, and that is how it brings them profit. A Beijing advertising company named Rafotech is responsible for it and, once it manages to get inside a system, it starts, without any exaggeration, wreaking havoc.
How does it work? It constantly redirects you to various pages that copy their designs from Yahoo! or Google and appear under a variety of different names. Those sites gather sensitive data using so-called tracking pixels, and you don’t even see it happening until it’s too late and there are attempts to break into your online accounts, bank accounts, and digital wallets. And Fireball doesn’t stop there. It can execute commands remotely, so it puts additional malware on the computer. That can very well lead to your personal information being sold to third parties or, even worse, to your machine being made part of a globe-spanning botnet.
Botnets are responsible for DDoS attacks, spam emails being sent out in ridiculous amounts, and a lot more. And keep in mind that there are usually far fewer devices in them. For example, the Mirai botnet that left millions of people without access to the Web last December had 120,000 devices, not 250 million. And those devices weren’t all computers: they were mostly connected cameras and routers. So the damage that Fireball can potentially do is immense. Check Point also says that the people behind this virus can sell off the data they’ve managed to collect, including credit card details, patents, and business plans, to the highest bidder, and companies risk losing millions of dollars because of it. It’s definitely not the type of malware that should be taken lightly.
Fireball is bundled with different free programs, such as Soso Desktop or FVP Imageviewer, and it gets inside the system during the installation process. This is just one of the ways it can be distributed; not all of them have been discovered yet. So we strongly advise you to download security software like Plumbytes Anti-Malware, Malwarebytes or SpyHunter and always keep it updated and running. If you do that, your chances of having the computer attacked by viruses will be significantly reduced. Avoid unnecessary risks while browsing the Internet and try to stay away from suspicious sites, as you never know what might be waiting for you on them.
As for the developer’s homepage (rafotech.com), it’s currently offline. But you can check out the archived versions from 2016 and see that they were boasting about being able to sell creative ads. The site also mentions games like Cutie Clash and Casual Warrior, so be careful and check out the publisher. If you see the name “Rafotech”, you now know that you have to steer clear of them. Don’t let the people behind Fireball get richer at your expense.