Just when the world was catching a breather from the WannaCry ransomware, another threat has come knocking at the door. A new malware dubbed Fireball has infected millions of computers globally.
According to the research by CheckPoint, Fireball has infected one out of every corporate network around the world. The largest numbers of infected systems are in India (25.3 million - 10.1%), Brazil (24.1 million - 9.6%), Mexico (16.1 million - 6.4%), and Indonesia (13.1 million - 5.2%). In the United States, this malware has attacked around 2.2% of devices, with 5.5 million reported occurrences.
It's worth mentioning that the spreading of such high-impact malware. Unsurprisingly, Rafotech, a digital marketing company from China, is the mastermind behind the surge.
How does it spread?
It all starts when Rafotech installs the Fireball malware on an unsuspecting user's computer. As bait, the company uses a monetizing technique known as "bundling", in which it packages its malware with some of its other products or with freeware. To win the user's confidence, Fireball comes with digital certificates and files. After the malware is successfully installed, Rafotech uses it for its own benefit.
In the report, CheckPoint explains:
Rafotech uses Fireball to manipulate the victims’ browsers and turn their default search engines and home-pages into fake search engines. This redirects the queries to either yahoo.com or Google.com. The fake search engines include tracking pixels used to collect the users’ private information.
Fireball installs plugins to boost the ad network behind Rafotech's bogus search engines, all to generate ad revenue for the firm. That is not all: the malware can run any code on the infected device, so it is capable of far worse. Rafotech could steal confidential information from the infected systems and install additional malware to run code on the networks of big organizations, leading to much wider harm.
Scan browser, default search engine, and extensions
There is a lingering threat of a wider attack. We advise our readers not to download any freeware. We are not saying that all freeware is dangerous, but there is no way to check whether it is clean.
CheckPoint writes in the report:
As with everything in the internet, remember that there are no free lunches. When you download freeware, or use cost-free services (streaming and downloads, for example), the service provider is making profit somehow. If it’s not from you or from advertisements, it will come from somewhere else.
To check whether Fireball has infected your system, review your browser's home page, default search engine, and extensions. Check all the installed plug-ins, and if you find anything suspicious, remove it right away by restoring your browser to its default settings. In addition, check your downloads and look for suspicious files. Get rid of any file that looks unfamiliar.
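The review described above can be scripted for many machines at once. The following is an added example, not taken from the CheckPoint report: it audits a Chrome-style profile "Preferences" JSON file for a home page, startup URL, default search engine, or extension that is not on an approved list. The key names follow Chrome's Preferences layout as an assumption (it varies by version), and the allowlists, hosts, and extension IDs are constructed.

```python
import json
from urllib.parse import urlparse

# Assumed allowlists; replace with your organisation's approved values.
ALLOWED_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}
APPROVED_EXTENSION_IDS = {"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}  # constructed ID

# Constructed sample shaped like a Chrome profile "Preferences" file.
SAMPLE_PREFS = json.loads("""
{
  "homepage": "http://search.example-portal.test/?src=hp",
  "session": {"startup_urls": ["https://www.google.com/"]},
  "default_search_provider_data": {"template_url_data": {
      "short_name": "Example Portal",
      "url": "http://search.example-portal.test/q?s={searchTerms}"}},
  "extensions": {"settings": {
      "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"manifest": {"name": "Approved Ad Blocker"}},
      "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"manifest": {"name": "Search Helper"}}}}
}
""")

def host_of(url):
    """Return the lower-cased host of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()

def audit_profile(prefs, allowed_hosts=ALLOWED_HOSTS, approved=APPROVED_EXTENSION_IDS):
    """Return (setting, value) pairs that fall outside the allowlists."""
    findings = []
    urls = [("homepage", prefs.get("homepage", ""))]
    urls += [("startup_url", u) for u in prefs.get("session", {}).get("startup_urls", [])]
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    urls.append(("default_search", search.get("url", "")))
    for setting, url in urls:
        # A set URL whose host is unknown (or missing) is flagged for review.
        if url and host_of(url) not in allowed_hosts:
            findings.append((setting, url))
    # Extensions are matched by ID, since display names are easy to imitate.
    for ext_id, entry in prefs.get("extensions", {}).get("settings", {}).items():
        if ext_id not in approved:
            name = entry.get("manifest", {}).get("name", "<no manifest>")
            findings.append(("extension", f"{name} ({ext_id})"))
    return findings

if __name__ == "__main__":
    for setting, value in audit_profile(SAMPLE_PREFS):
        print(f"REVIEW {setting}: {value}")
```

A finding is a prompt for manual review, not proof of infection; a legitimate but unlisted search provider or extension will also be reported.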