Researchers have discovered yet another malware, and this time it is called Fireball. After the infamous WannaCry ransomware attacks, Fireball is said to have affected more than 250 million personal computers. Fireball, which has affected hundreds of PCs, is a Chinese malware, or rather an adware. Additionally, India has faced the worst impact of Fireball in the list of countries, according to Check Point, the security firm which discovered this malware or adware. According to Check Point research teams, Fireball can take over a browser on an infected computer and run any code on the compromised PCs. This includes the ability to download any file, including other malware, and to manipulate the web traffic of the infected PC in order to boost ad revenue for websites by the company behind the malware.
Check Point, in its blog post, provided details about how the Fireball malware actually works. The malicious program can even install ‘plug-ins and additional configurations to boost its advertisements’. Fireball is being bundled along with other applications and programs, and, as the report says, regular users can’t uninstall this kind of malware. Check Point also says the Fireball malware is being installed along with several popular freeware products. While we lay out certain points about Fireball, you can understand the seriousness of the problem based on the following line by the security firm: “Try to imagine a pesticide armed with a nuclear bomb. Yes, it can do the job, but it can also do much more.”
1. Check Point says the malware has been created by Rafotech, which is a “large digital marketing agency based in Beijing.” The malware, or rather the adware, takes over a victim’s browser, and the default search engine, be it Google or Yahoo, is replaced with a fake one. After this, all queries to an actual search engine are redirected to these false ones, which then track the victim’s web usage in order to collect private information.
2. Fireball malware has a massive impact on India, and in fact, ours is the worst hit country on the list. According to Check Point, India, with a 43 percent hit rate on corporate networks, is one of the worst hit.
3. India is the top infected country with 10.1 percent of the infections, followed by Brazil (9.6 percent). The cyber-security firm says 25.3 million computers are infected in India; in Brazil this number is at 24.1 million, and Mexico is third on the list with 16.1 million infections.
4. According to Check Point, 20 percent of corporate networks are infected, and that is really bad. Check Point also notes that 14 of the fake search engines are in the top 10,000 websites in Alexa, which is another indicator of the seriousness of this problem.
5. Check Point notes Fireball is part of some legitimate software. Technically this is half malware and half legit software with proper digital certificates. As Check Point says, Rafotech is only using this for “advertising and initiating traffic,” but the power of such malware goes much beyond just manipulating traffic.
6. This malware can run any code and spy on a user’s web habits, which means it can have serious consequences.
7. According to Check Point, one way of scanning for Fireball malware is to look at the default home page on your browser and check the default search engine. Users should examine all browser extensions, and whether they can modify the default search engine. If you can’t change any of this, then that is a good sign that the computer is infected with adware.
8. Check Point recommends using an adware scanner to figure out if something is wrong with the browser. Check Point has given some indicators of compromise to check for on your PC. The full list is mentioned on the Check Point blog as well.
9. For Windows users, once you find the adware on your personal computer, go to the Programs and Features list in the Windows Control Panel. Hit uninstall for the compromised application. macOS users should use Finder, locate the application, and then trash the file. After that, empty the trash to delete the compromised file.
10. Users should scan and clean their machine with an anti-malware tool and an adware cleaner. Also, go to your preferred browser, and check out the tools and extensions. Uninstall anything suspicious or anything you don’t remember installing in the first place.
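
The manual check from point 7 (home page, default search engine, extensions able to change them) can be scripted for a Chrome-style profile. This is an added example, not code from Check Point or from this article; the key names follow the layout of Chrome's `Preferences` profile file as an assumption, and the trusted-host list and sample data are constructed.

```python
import json
from urllib.parse import urlparse

# Search/home page hosts the user expects (assumed allowlist, adjust per site).
TRUSTED_HOSTS = {"www.google.com", "google.com", "search.yahoo.com", "www.bing.com"}

# Constructed sample in the shape of a Chrome profile "Preferences" file.
SAMPLE_PREFS = json.loads("""
{
  "homepage": "http://search.example-hijack.test/?pid=1",
  "session": {"startup_urls": ["https://www.google.com/"]},
  "default_search_provider_data": {"template_url_data": {
      "short_name": "Example Search",
      "url": "http://search.example-hijack.test/s?q={searchTerms}"}},
  "extensions": {"settings": {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"manifest": {"name": "Helper Toolbar",
        "chrome_settings_overrides": {"search_provider": {"name": "Example Search"}}}},
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"manifest": {"name": "Notes"}}
  }}
}
""")

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()

def audit_prefs(prefs, trusted=TRUSTED_HOSTS):
    """Return (check, detail) findings for one browser profile."""
    findings = []
    pages = [prefs.get("homepage", "")] + prefs.get("session", {}).get("startup_urls", [])
    for url in filter(None, pages):
        if host_of(url) not in trusted:
            findings.append(("homepage", url))
    search = (prefs.get("default_search_provider_data", {})
                   .get("template_url_data", {}).get("url", ""))
    if search and host_of(search) not in trusted:
        findings.append(("search_engine", search))
    # An extension declaring chrome_settings_overrides in its manifest can
    # change the home page, startup pages or default search engine.
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        manifest = ext.get("manifest", {})
        overrides = manifest.get("chrome_settings_overrides", {})
        if overrides:
            findings.append(("extension_override",
                             f"{manifest.get('name', ext_id)}: {sorted(overrides)}"))
    return findings

if __name__ == "__main__":
    for check, detail in audit_prefs(SAMPLE_PREFS):
        print(f"[!] {check}: {detail}")
```

To audit a real profile, load its `Preferences` file with `json.load` and pass the result to `audit_prefs`; a finding is a prompt to inspect the setting or extension by hand, not proof of infection.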