PSA: Beware Of A Piece Of Malware Called Fireball

A new piece of malware has recently been detected by the security firm Check Point. It is called Fireball and has infected over 250 million computers worldwide.

Fireball acts as a browser hijacker but can be turned into a fully functioning malware downloader. It has two main capabilities. It can run any code on the victim's computer, which allows a wide range of actions from stealing credentials to dropping additional malware. It can also hijack and manipulate infected users' traffic to generate fraudulent ad revenue.

This operation is run by Rafotech, a large digital marketing agency based in Beijing. Rafotech uses Fireball to manipulate the victims' browsers and turn their default search engines and home pages into fake search engines. These redirect the queries to either yahoo.com or Google.com. The fake search engines include tracking pixels used to collect the users' private information. Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code on the infected machines. This creates a massive security flaw in targeted machines and networks.

How Do You Protect Yourself? 

Fireball is spread mostly via bundling, i.e. it is installed on victim machines alongside a wanted program, often without the user's consent. For that reason, it is important to install software only from a legitimate and trusted source. It is also important to run only legal software and not install any pirated software.

How to know if you’re infected by Fireball?

To check if you’re infected by the Fireball malware, Check Point has laid out some simple points. If the answers to the questions asked below are no, you might be infected with adware.

You simply need to open your web browser. Take a look at the home page and default search engine: were they set by you? Can you make changes to them? Do you recognize the extensions installed in your web browser?
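The same three questions can be asked of a browser profile file instead of by eye. The Python below is an added example, not code from Check Point or from this post; it assumes a Chromium-style Preferences JSON layout, and the key names, the sample profile and the allowlists are assumptions or constructed values.

```python
import json
from urllib.parse import urlparse

# Constructed sample of a Chromium-style "Preferences" profile file (not real data).
# The key names are an assumption about that layout; adjust them for your browser.
SAMPLE_PREFS = json.dumps({
    "homepage": "http://search.example-hijack.test/?q=",
    "session": {"startup_urls": ["http://search.example-hijack.test/"]},
    "default_search_provider_data": {"template_url_data": {
        "short_name": "Web Search",
        "url": "http://search.example-hijack.test/s?q={searchTerms}"}},
    "extensions": {"settings": {
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"manifest": {"name": "My Password Manager"}},
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"manifest": {"name": "Search Helper"}}}},
})

def host(url):
    """Return the lower-cased host of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()

def host_allowed(h, allowed):
    """True if h is one of the allowed hosts or a subdomain of one."""
    return any(h == a or h.endswith("." + a) for a in allowed)

def audit(prefs_text, my_hosts, my_extensions):
    """List (what, value) pairs for settings the user did not choose."""
    prefs = json.loads(prefs_text)
    findings = []
    urls = [("home page", prefs.get("homepage", ""))]
    urls += [("startup page", u)
             for u in prefs.get("session", {}).get("startup_urls", [])]
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    urls.append(("default search engine", search.get("url", "")))
    for label, url in urls:
        h = host(url)
        if h and not host_allowed(h, my_hosts):
            findings.append((label, h))
    for ext_id, entry in prefs.get("extensions", {}).get("settings", {}).items():
        name = entry.get("manifest", {}).get("name", ext_id)
        if name not in my_extensions:
            findings.append(("extension", name))
    return findings

if __name__ == "__main__":
    # Hosts and extension names the user knowingly chose (constructed values).
    for label, value in audit(SAMPLE_PREFS, {"google.com"}, {"My Password Manager"}):
        print(f"not set by you? {label}: {value}")
```

To use it on a real profile, pass audit() the text of that profile's preferences file together with the search and home page hosts and the extension names you actually chose.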

To remove most of the adware, you simply need to remove the application from your computer. On Windows, you can do this from the Programs and Features list in the Windows Control Panel. On Mac, locate the Applications folder in Finder and drag anything that you think is suspicious to the trash.

You are also advised to scan and clean your computer using a good anti-virus app and adware cleaner software. You can also look through the Extensions/Add-ons list in your web browser and delete anything that you think is suspicious.
