Chinese company Rafotech believed to be behind millions of malware infections
According to extensive research from the Israeli cyber-security firm Check Point, a Chinese digital marketing company called Rafotech has infected millions of computers worldwide with adware that redirects user traffic to fake search engines.
The fake search engines then divert their search queries through Google and Yahoo's affiliate programs to earn a commission for the company behind the adware. So far Rafotech has infected over 250 million computers according to a rough estimation from Check Point.
The reason the adware has been able to spread so quickly to so many computers is that Rafotech often bundled its malicious software with legitimate programs and applications. Users were also often unable to opt-out of installing the adware to their machines.
The countries that have been most affected by the adware are India with 25.3 million infections, Brazil with 24.1 million infections and Mexico with 16.1 million infections. Rafotech's adware has also made it to the US and 5.3 million computers have been infected making up 2.2 percent of the total infections worldwide.
Check Point has also revealed that the adware has been found on 20 percent of all corporate networks meaning one in five companies are already infected. The firm has nicknamed the adware Fireball and it is certainly cause for concern as Rafotech is able to push and execute malware on the computers of its victims. The adware could also easily be converted to steal user credentials or used to launch ransomware as it has full access to the browsers of those infected.
Fireball has infected so many computers worldwide that some of the fake search engines that it redirects users to can now even be found on the Alexa Top 10,000 list of most popular sites on the Internet.
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.