After the dangerous WannaCry ransomware wreaked havoc across 150 countries, infecting more than 200,000 computers, a new Chinese malware known as Fireball has been discovered that has reportedly infected millions of computers worldwide.
According to security firm Check Point, the malware has infected over 250 million computers worldwide, and India is the worst affected country. The report highlights that 25.3 million PCs have been infected in India, followed by Brazil (24.1 million), Mexico (16.1 million), Indonesia (13.1 million) and the United States (5.5 million). Further, most of the infections are on corporate networks, with Indonesia (60%) being the most affected, followed by India (43%) and Brazil (38%). Hit rates in the US (10.7%) and China (4.7%) are alarming as well.
What is Fireball?
Fireball is a browser hijacker, considered the largest infection operation in history: it takes over victims’ browsers and uses them to generate fake clicks and traffic for its creator.
How does it work?
According to the security firm, the malware has two basic functions. First, it runs code on victims’ computers, which allows it to download additional files or even inject more malware into the system. Second, it hijacks and manipulates the user’s web traffic to generate ad-based revenue. Fireball installs plug-ins and additional configurations to boost its advertisements, but it can just as easily turn into a distributor for any additional malware.
To do this, it manipulates victims’ browsers, changing their default search engines and home pages to fake search engines. The fake search engines are equipped with tracking pixels, which are used to collect users’ confidential information. The security firm further stated that “Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code in the infected machines, this creates a massive security flaw in targeted machines and network.”
How does it reach a PC?
Fireball, like other malware of its kind, arrives alongside freeware available on the internet. Many free programs and services on the internet fund themselves through techniques such as harvesting data or presenting advertisements. This has also given rise to a monetization method known as bundling, in which one piece of software installs another program alongside itself, sometimes with the user’s authorization and sometimes without.
In the case of Fireball, the malware is bundled with software including Deal Wifi and Mustang Browser, and is also distributed via other freeware such as “Soso Desktop” and “FVP Imageviewer”.
Who is behind it?
According to the firm, this operation is run by Rafotech, a large digital marketing agency based in Beijing. The marketing agency is using additional distribution methods, such as spreading freeware under fake names, spam, or even buying installs from threat actors.
Further, Rafotech has the ability to extract sensitive information from infected systems and sell this data to threat groups or business rivals. The information includes banking and credit card credentials, medical files, patents and business plans. The malware has the potential to cause a global catastrophe, the potential loss is indescribable, and repairing the damage caused by such massive data leakage could take years, according to Check Point.
How should I prevent it?
To check whether you are infected with this malware, first open your browser. If the homepage or search engine has been changed without your doing so, it is highly likely that you are infected. In that case, open Control Panel in Windows, select Programs and Features, look through the list for suspicious-looking adware and uninstall it.
You can also install anti-malware software and an adware cleaner, which also help remove the adware. If you are using Google Chrome, go to Tools > Extensions, locate any suspicious-looking add-ons and click the trash icon to delete them.
Similarly, in Mozilla Firefox, click the menu icon and go to the Tools tab. Select Add-ons > Extensions and remove any suspicious add-ons, then go to Add-on Manager > Plugins to locate and disable any malicious plugins. If possible, restore your browser to its default settings.
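The manual check above (a homepage or default search engine that changed by itself) can be scripted so that it runs across many machines. The following is an added example, not code from the article or from Check Point: it parses a Chrome “Preferences” JSON file and a Firefox “prefs.js” file and flags any homepage, startup URL or default search provider whose host is not on an allowlist of engines the user is known to have chosen. The sample settings embedded below are constructed to look like a hijacked profile (the hostname search.example-hijack.test and the engine name are placeholders, not real Fireball indicators), and the allowlist and the Chrome preference keys used (homepage, session.startup_urls, default_search_provider_data.template_url_data.url) are assumptions about the profile layout for illustration.

```python
"""Audit browser homepage / search-engine settings for signs of hijacking.

Added example, not from the Check Point report. Chrome keeps its settings in a
JSON file named "Preferences" inside the profile directory; Firefox keeps them
in "prefs.js" as user_pref("name", value); lines. The key names and allowlist
below are assumptions for illustration, not an authoritative schema.
"""
import json
import re
from urllib.parse import urlparse

# Hosts the user is known to have chosen on purpose; anything else is flagged.
KNOWN_GOOD_HOSTS = {"www.google.com", "duckduckgo.com", "www.bing.com"}

# Constructed sample Chrome Preferences fragment (hypothetical hijacked state).
SAMPLE_CHROME_PREFS = json.dumps({
    "homepage": "http://search.example-hijack.test/?src=hp",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["http://search.example-hijack.test/"],
    },
    "default_search_provider_data": {
        "template_url_data": {
            "short_name": "Placeholder Search",       # placeholder engine name
            "keyword": "example-hijack.test",
            "url": "http://search.example-hijack.test/?q={searchTerms}",
        }
    },
})

# Constructed sample Firefox prefs.js fragment (hypothetical hijacked state).
SAMPLE_FIREFOX_PREFS = '''
user_pref("browser.startup.homepage", "http://search.example-hijack.test/");
user_pref("browser.search.defaultenginename", "Placeholder Search");
user_pref("keyword.enabled", true);
'''


def _host(url):
    """Hostname of a URL, or '' if it cannot be parsed."""
    return urlparse(url).hostname or ""


def audit_chrome(prefs_json, allowlist=KNOWN_GOOD_HOSTS):
    """Return (setting, value) pairs in a Chrome Preferences document that point
    at a host outside the allowlist. An empty list means nothing looks changed."""
    prefs = json.loads(prefs_json)
    findings = []
    home = prefs.get("homepage")
    if home and _host(home) not in allowlist:
        findings.append(("homepage", home))
    for url in prefs.get("session", {}).get("startup_urls", []):
        if _host(url) not in allowlist:
            findings.append(("startup_url", url))
    tpl = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    search_url = tpl.get("url")
    if search_url and _host(search_url) not in allowlist:
        findings.append(("default_search_provider", search_url))
    return findings


# Matches only string-valued prefs: user_pref("name", "value");
_USER_PREF = re.compile(r'user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);')


def audit_firefox(prefs_js, allowlist=KNOWN_GOOD_HOSTS):
    """Return (pref, url) pairs for Firefox homepage entries outside the allowlist.
    Firefox joins multiple homepages with '|', so each one is checked separately."""
    findings = []
    for name, value in _USER_PREF.findall(prefs_js):
        if name != "browser.startup.homepage":
            continue
        for url in value.split("|"):
            if _host(url) not in allowlist:
                findings.append((name, url))
    return findings


if __name__ == "__main__":
    for setting, value in audit_chrome(SAMPLE_CHROME_PREFS):
        print(f"Chrome  {setting:<25} -> {value}")
    for setting, value in audit_firefox(SAMPLE_FIREFOX_PREFS):
        print(f"Firefox {setting:<25} -> {value}")
```

On a real machine you would read the Chrome file from the profile directory (on Windows typically under %LOCALAPPDATA%\Google\Chrome\User Data\Default) and Firefox’s prefs.js from the profile folder under %APPDATA%\Mozilla\Firefox\Profiles, and a non-empty result is the cue to go through the Programs and Features and browser extension lists described above. The allowlist is deliberately a set of hostnames rather than full URLs, because a hijacked profile usually keeps a plausible-looking path while swapping the host.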