Chinese Police Arrest 11 Over Fireball Adware

250 Million Infections of Click-Fraud Malware Tied to Digital Marketing Agency

Police in Beijing have arrested 11 individuals on charges that they developed and distributed Fireball, malicious adware that was tied to 250 million installations worldwide, according to Chinese media reports.

All of the suspects work for Beijing-based Rafotech, which bills itself as being a digital marketing agency. The firm’s president, technical director and operations director were among those detained, Chongqing Morning News reported Tuesday. Police told the publication that Rafotech earned 80 million yuan – nearly $11.8 million – in 2016 profits.

Rafotech could not be reached for comment. The company’s website remains offline following a June 1 blog post from Israel-based security firm Check Point accusing the firm of not only distributing adware, but also installing browser-hijacking malware on users’ systems that could be used to “drive victims to malicious sites, spy on them and conduct successful malware dropping,” for the apparent purpose of perpetrating click fraud.

Check Point warned that unlike many types of adware, which pushes advertisements to PCs, typically via banners or pop-up advertising, Fireball was designed to give its authors complete control of any system on which it had been installed. As a result, any data stored on a system infected by the malware – including “banking and credit card credentials, medical files, patents and business plans” – would be at risk of being exfiltrated by the malware controllers, Check Point says.

Nine of the Rafotech suspects will face charges of “sabotaging computer systems,” state-owned media outlet Sixth Tone reports, noting that the individuals were detained soon after the Check Point blog post appeared, although news of the arrests only recently emerged.

While a majority of the firm’s alleged attacks involved foreign targets, they could still face jail time in China, criminal attorney Ding Dalong tells Sixth Tone. “As long as they are engaged in illegal activity on Chinese soil, they’ll be held accountable according to Chinese law – which in their case should amount to at least five years in prison,” he said.

The case remains under investigation, Beijing Youth Daily reports.

Continue reading…