Fireball is a trojan that creates a critical backdoor that has impacted over 250 million computers worldwide. Fireball can run any code on infected computers and can download files or malware. The trojan is also capable of hijacking and manipulating infected victims’ web traffic to generate ad-revenue. Fireball can also be used to spy on victims, perform efficient malware dropping, and execute any malicious code in the infected machines, this creates a massive security flaw in targeted machines and networks.

According to Check Point, this is a Chinese threat operation run by Rafotech, a digital marketing agency based in Beijing. Rafotech uses Fireball to manipulate the victims’ browsers and turn their default search engines and home-pages into fake search engines which simply redirect the queries to either or


June 2017: The #1 most prevalent malware in May 2017, infecting one in five organizations. (CheckPoint)

Technical Analysis

·       Check Point researchers provide a technical analysis of the Fireball Trojan here.