Over 250 million computers infected with dangerous Fireball malware worldwide
Check Point security researchers have discovered a new and dangerous malware, called Fireball, that hijacks and manipulates infected users’ web traffic to perform malicious actions. Although the dangerous Fireball malware is currently being used to generate ad revenue for a large digital marketing agency in Beijing, it is capable of executing any malicious code on victim machines in order to steal user credentials, spy on users or download additional malware.
This operation is run by Rafotech, a large digital marketing agency based in Beijing. Rafotech uses Fireball to manipulate the victims’ browsers and turn their default search engines and home-pages into fake search engines.
Check Point’s research also revealed that over 250 million computers worldwide, including Windows and Mac, and 20% of corporate networks have been infected.
The scope of the malware distribution is alarming. According to our analysis, over 250 million computers worldwide have been infected: specifically, 25.3 million infections in India (10.1%), 24.1 million in Brazil (9.6%), 16.1 million in Mexico (6.4%), and 13.1 million in Indonesia (5.2%). The United States has witnessed 5.5 million infections (2.2%).
Fireball has been spotted being distributed via bundling. In this type of attack, software the user actually wants is packaged together with spyware, adware or other forms of malware. The Check Point report shows that Fireball was found bundled with the following software:
- Deal Wifi
- Mustang Browser
- SoSo Desktop
- FVP Imageviewer
After infection, Fireball takes over the victim’s web browser and changes the home page and search engine to fake Rafotech search engines in order to generate ad revenue. These fake search engines also include tracking pixels, which can be used to collect victims’ private information.
A tracking pixel (also called 1×1 pixel or pixel tag) is a graphic that is loaded when a user visits a website or opens an email and is used to track certain user activities. A tracking pixel can also be used to acquire statistical data for online marketing, web analytics, or email marketing.
This type of dangerous malware can also easily be used to redirect victims to malicious websites to steal personal data and saved credentials, download other forms of malware, or use their machines as zombies in a botnet attack.
How can you tell if you are infected, and how can you protect yourself?
First of all, to check whether your machine is infected, open your web browser(s) and check whether your default home-page setting has been changed to a suspicious address. Are you able to modify this setting? If not, something is probably wrong. Also check your installed browser extensions and programs for any suspicious installations.
You can try to remove these suspicious settings, extensions and programs, and it is advised to run a full scan of your computer using up-to-date anti-malware and anti-adware software.
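The manual check above can be scripted for Chromium-based browsers. The following is an added example, not code from Check Point or from the original article: it reads a profile's `Preferences` JSON and lists home page, startup and default-search URLs outside an expected set, plus extensions not installed from the web store. The key layout is an assumption based on commonly seen Chromium profiles and can differ between versions; `EXPECTED_HOSTS`, the sample data and the `example-hijack.test` domain are constructed.

```python
import json
from urllib.parse import urlparse

# Assumption: search/home-page hosts you expect on this machine; adjust as needed.
EXPECTED_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}

# Constructed sample shaped like a Chromium "Preferences" file (not real data).
SAMPLE_PREFS = json.dumps({
    "homepage": "http://search.example-hijack.test/",
    "session": {"restore_on_startup": 4, "startup_urls": [
        "http://search.example-hijack.test/?s=1", "https://www.google.com/"]},
    "default_search_provider_data": {"template_url_data": {
        "short_name": "Web Search",
        "url": "http://search.example-hijack.test/q={searchTerms}"}},
    "extensions": {"settings": {
        "a" * 32: {"from_webstore": False, "manifest": {"name": "Constructed Toolbar"}},
        "b" * 32: {"from_webstore": True, "manifest": {"name": "Constructed Blocker"}}}},
})

def _unexpected(url, expected):
    """True for an http(s) URL whose host is not in the expected set."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    return parts.scheme in ("http", "https") and host not in expected

def audit_prefs(raw, expected=EXPECTED_HOSTS):
    """Return (setting, value) pairs that deserve a manual look."""
    prefs = json.loads(raw)
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    candidates = [("homepage", prefs.get("homepage", ""))]
    candidates += [("startup_url", u)
                   for u in prefs.get("session", {}).get("startup_urls", [])]
    candidates.append(("default_search", search.get("url", "")))
    findings = [(k, u) for k, u in candidates if _unexpected(u, expected)]
    # Extensions not installed from the web store; built-in ones can appear too,
    # so treat this list as items to review rather than to delete blindly.
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        if not ext.get("from_webstore", False):
            name = ext.get("manifest", {}).get("name", ext_id)
            findings.append(("non_store_extension", name))
    return findings

if __name__ == "__main__":
    for setting, value in audit_prefs(SAMPLE_PREFS):
        print(f"{setting}: {value}")
```

To audit a real profile, pass the contents of its `Preferences` file to `audit_prefs` instead of `SAMPLE_PREFS`.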