China arrests nine hackers behind Fireball malware

Chinese authorities have arrested nine members of a hacker group that created Fireball, a malware that infected 250 million computers worldwide. It was bundled with legitimate software.

Microsoft disputes the numbers. The Redmond-based tech giant says that it has only cleaned about 40 million Fireball infections since 2015. Nonetheless, the number of computers infected by the malware is significant given that Rafotech also earned more than 80 million yuan ($11.84 million) from fake clicks and ad revenue through this malware.

When Were The Fireball Hackers Spotted?

The arrests were first reported on July 25. Eleven suspects are reported to have admitted the facts of the crime.

Though the arrests were made by the local Chinese authorities, it was a local security researcher who first detected that the malware was run by Rafotech, a Chinese digital marketing company. Once sure that the footprints led to Rafotech’s local servers, the security researcher handed over the evidence to the police.

Where Was The Malware Team Operating From?

The Rafotech employees used to run the malware operations in the Haidian district, a district of the municipality of Beijing. All nine hackers are reported to be young, though having many years of experience in the IT industry.

Check Point, a security software company, had revealed last month that Rafotech used a pervasive method of ‘bundling’. The method uses a free software offer to bundle malicious software within the free offer. As confirmed by the Haidian police, the company had around 100 employees, most of whom were involved in developing its freeware.

How Was The Gang Busted?

The security researcher who unearthed that it was Rafotech behind the widespread malware utilized the research done by Check Point. He analyzed Fireball’s transmission methods and then compared it to the source code of Rafotech’s freeware. “He then used digital signatures to determine the company’s registration information, and the people responsible in the company,” wrote Yi Shu Ng of Mashable.

It may be highlighted that Fireball impacted computers in India, Brazil, Mexico, Indonesia, and the USA. The estimated number of infected computers runs into the millions, making Fireball by far the most pervasive malware to have spread across several continents.

Fireball was a well-coordinated and managed exercise. You must have come across free software that shady companies offer online. But using freely available software that doesn’t even have a legitimate company behind it is a disaster waiting to happen. Too often we are in a hurry to get things done without considering the implications of using cheaply available software. There’s no free lunch, and hackers are the last ones to offer a valuable tool without getting something equally valuable in return.

The malware usually piggybacks on the freeware and is used to steal credentials, install unwanted software and route queries to pre-determined websites. Query routers and fake browsers are used to conduct the exercise.


The arrest of hackers by the Chinese authorities is a welcome move. You don’t often see hackers getting caught as most of them are able to eliminate their digital footprints. Not this time.

Rather than getting comfy, get your act together by adopting baseline security measures for your online privacy and security: use antivirus software, back up your data to cloud-based storage apps, and install the latest software patches released by your OS provider (Microsoft Windows).
