China arrests 11 hackers for infecting 250M devices with Fireball malware

Law enforcement authorities in China have arrested eleven hackers suspected of developing Fireball malware which infected 250 million computers worldwide. Among the infected devices, 20 percent belonged to large corporate networks in various countries.

Fireball malware was discovered two months ago by researchers at Proofpoint who noted that its mission is to infect computers in an attempt to generate revenues through forced browser advertisement. So far the hackers earned 80 million yuan ($11.84 million) with their malware campaign, reports Beijing Youth Daily.

More:  Someone from China is Distributing Mirai Malware Through Windows Botnet

At the time of discovery, researchers found 25.3 million devices in India and 5.5 million devices in the US were infected with Fireball malware.

“Specifically,  25.3 million infections in India (10.1%), 24.1 million in Brazil (9.6%), 16.1 million in Mexico (6.4%), and 13.1 million in Indonesia (5.2%). The United States has witnessed 5.5 million infections (2.2%).”

China arrests 11 hackers for infecting 250M devices with Fireball malware
Fireball malware’s infection flow

How the hackers were arrested

Fireball malware was being spread by a legit Chinese software company Rafotech. However, their scam campaign was exposed by a local Chinese security researcher after which police began its investigations.

According to state run news website Xinhua, the researcher analyzed how the malware worked and how its transmission methods functioned. Proofpoint’s research helped him to identify that Fireball carries the same malicious code which he found in Rafotech’s freeware.

Upon further digging, the researcher managed to find some of the people working in the company and its registration details. The reports suggest more than 100 people are working for the company out of which eleven were involved in developing the malware.

The Haidian district police said that all culprits are quite young with IT backgrounds. They are also well aware of anti-detection techniques, and they also discussed the aftermath of their malware campaign with lawyers even before executing it.

Police have charged the culprits for destroying computer systems. More to follow.

More:  SpyDealer Rooting Malware Steals Data From Android Devices

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.