After last month’s WannaCry mayhem, a new strain of Chinese browser-hijacking malware named Fireball is infecting systems at random. It has already affected 250 million systems. Classified as adware, its modus operandi is standard: Fireball hides inside bundled software and installs itself silently, without the user’s knowledge. Once installed, it redirects unsuspecting users to specific ad-laden web pages.
The malware was identified by the security firm Check Point. Although it is not as dangerous as ransomware, Fireball is capable of jeopardizing the overall security of infected systems in the long run.
So far, the malware has had its greatest impact in India, Brazil, and Mexico. There are also over 5.5 million instances of Fireball activity in the US.
Being an adware package, it takes control of the target’s web browsers and turns them into directionless zombies. This allows hackers to spy on victims’ web traffic and potentially steal their data. It also installs plug-ins to generate ad revenue for its creators.
Check Point calls it “possibly the largest infection operation in history.”
Check Point’s data shows that 9.3 per cent of corporate networks in the UK have at least one machine with the Fireball adware on it, the same as in the US. By comparison, 9.75 per cent of German corporate networks have a Fireball-infected machine, and 18 per cent in France.
What is Fireball Malware and who has created it?
According to Check Point, the malware was created by Rafotech, a large digital advertising and marketing agency based in Beijing. The adware takes over the target’s browser and replaces the default search engine with a bogus one. The fake search page looks like the Google or Yahoo homepage, and when users search on it, it harvests their private information to generate revenue.
Rafotech is playing it safe by walking the edge of legitimacy, knowing that adware distribution, unlike malware distribution, is not considered a crime. Many companies provide software or services for free and make profits by collecting data or serving advertisements. Once a user gives permission to install software on his or her computer, it is hard to accuse the provider of malicious intent.
So what exactly can Fireball malware do on an infected PC?
Fireball enters your system by hiding behind legitimate software. Technically it cannot be called malware, as it is used for advertising and generating internet traffic, which by itself is not classed as a threat. But this adware is far more devious and can go well beyond manipulating traffic.
The malware can access all web data and can easily run code to gather personal information. Fireball is being installed alongside popular freeware products like Soso Desktop, FVP Imageviewer, and many others. It also has the ability to execute commands remotely, such as downloading further malicious software. The data harvested by Fireball can also be sold to bidders looking for valuable information such as credit card numbers, business plans and patents. In effect, it installs a backdoor on all of these computers for cybercriminals to access.
How to check if your PC is infected?
To see if your system is infected, check the default homepage and search engine of your web browser. If you find anything suspicious, examine the browser’s extensions and see whether any of them can modify the default search engine. Try to delete such extensions and change the default home page; if nothing can be altered, that indicates the computer is infected by adware. Users can also run an adware scanner to check for the infection.
How to remove Fireball Malware from your PC?
For Windows users: If you notice that your personal computer is infected by the adware, go to the Programs and Features list in the Windows Control Panel. Uninstall all unknown extensions, compromised applications and suspicious applications.
macOS users: Use Finder to locate the application, then move it to the Trash. After deleting the file, empty the Trash to permanently remove the compromised file.
Users should also scan and clean their machine with an anti-malware tool and an adware cleaner.
How to check the web browsers?
On Google Chrome, click the menu icon, then select Tools and Extensions, and remove suspicious add-ons.
On Internet Explorer, click the Settings icon, then select Manage Add-ons, and remove any add-ons you deem suspicious or malicious.
On Mozilla Firefox, extensions are found under the Tools menu; once again, remove any add-ons you don’t remember installing. You can also disable malicious plugins from the settings.
On Safari, go to Preferences, open the Extensions tab, and uninstall any suspicious extensions.
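The manual checks above (default homepage and search engine, then extensions that can override them) can be scripted for Chrome, whose profile settings are stored in a JSON file named Preferences. The following is an added example written for this article; it is not code from Check Point, Rafotech or the article’s author. It assumes the Chrome profile keys shown (homepage, session.startup_urls, default_search_provider_data.template_url_data and the per-extension manifest under extensions.settings, where an extension’s chrome_settings_overrides block declares a homepage, start-up page or search-provider override), and the sample profile embedded below is constructed for illustration, not captured from an infected machine. On Windows the extension entries may live in the neighbouring Secure Preferences file instead, which has the same layout and can be passed to the same function.

```python
"""Audit a Chrome profile's Preferences JSON for browser-hijack indicators.

Added example for this article, not code from the article's author or from
Check Point. Assumption: the profile keys used below match Chrome's
Preferences file layout; the sample data at the bottom is constructed.
"""
import json
from urllib.parse import urlparse

# Hosts the user recognises as legitimate search/home pages; everything
# else is reported so the user can decide whether it belongs there.
KNOWN_GOOD_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com"}


def _host(url):
    """Return the hostname of a URL, or '' if it cannot be parsed."""
    try:
        return urlparse(url).hostname or ""
    except ValueError:
        return ""


def _flag(findings, what, url):
    """Record a finding when a setting points at an unrecognised host."""
    host = _host(url)
    if host and host not in KNOWN_GOOD_HOSTS:
        findings.append(f"{what} points to unrecognised host: {host}")


def audit_preferences(prefs):
    """Return a list of human-readable findings for one parsed Preferences dict."""
    findings = []

    # 1. Homepage and start-up pages: the first thing a hijacker rewrites.
    _flag(findings, "homepage", prefs.get("homepage", ""))
    for url in prefs.get("session", {}).get("startup_urls", []):
        _flag(findings, "startup page", url)

    # 2. Default search provider: Chrome stores the active engine's template.
    dsp = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    _flag(findings, f"default search engine '{dsp.get('short_name', '?')}'", dsp.get("url", ""))

    # 3. Extensions whose manifest declares a settings override. These are
    #    the add-ons the article says to look for: ones able to change the
    #    search engine or home page.
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        manifest = ext.get("manifest", {})
        overrides = manifest.get("chrome_settings_overrides", {})
        if overrides:
            findings.append(
                f"extension '{manifest.get('name', '?')}' ({ext_id}) overrides "
                f"{', '.join(sorted(overrides))}"
            )
    return findings


def audit_file(path):
    """Load a Preferences (or Secure Preferences) file and audit it."""
    with open(path, encoding="utf-8") as fh:
        return audit_preferences(json.load(fh))


# Constructed sample profile (not a real indicator of compromise): the home
# page, start-up page and search engine all point at one unrecognised host,
# and one extension declares the override that makes that stick.
SAMPLE_PREFS = {
    "homepage": "http://search.hijack-example.invalid/",
    "session": {"startup_urls": ["http://search.hijack-example.invalid/?src=start"]},
    "default_search_provider_data": {
        "template_url_data": {
            "short_name": "Search",
            "keyword": "search.hijack-example.invalid",
            "url": "http://search.hijack-example.invalid/?q={searchTerms}",
        }
    },
    "extensions": {
        "settings": {
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
                "manifest": {
                    "name": "Search Helper",
                    "chrome_settings_overrides": {
                        "search_provider": {
                            "search_url": "http://search.hijack-example.invalid/?q={searchTerms}"
                        },
                        "homepage": "http://search.hijack-example.invalid/",
                    },
                }
            },
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"manifest": {"name": "Benign Note Taker"}},
        }
    },
}

if __name__ == "__main__":
    for line in audit_preferences(SAMPLE_PREFS):
        print(line)
```

Run against a real profile with audit_file on the Preferences file under the Chrome user-data directory; an empty list means the homepage, start-up pages and search engine all resolve to hosts in KNOWN_GOOD_HOSTS and no extension declares a settings override. A non-empty list is a prompt to inspect, not proof of infection: a legitimately installed search extension produces the same finding, which is exactly why the article says to remove only the add-ons you do not remember installing.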
How Serious Is This?
Adware is a nuisance. But Fireball shouldn’t be judged by what it intends to do, but by what it can do. Its creators can turn the adware into a botnet that taps into personal IDs, private data and financial details.
Fortunately, getting rid of Fireball is simple. It can be removed from PCs by uninstalling the adware using the Programs and Features list in the Windows Control Panel, or using Mac Finder function in the Applications folder on Macs.
Users should also keep a check on all extensions and add-ons. If there are any suspicious add-ons, extensions or plug-ins, remove them immediately.
Do not wait until something big happens before you act: remove all malicious or suspicious add-ons and extensions, and check your default home page for a quick diagnosis.