Chinese Fireball Malware

Chinese Fireball Malware affects 250 Mn computers. India most affected.

Possibly the largest malware infection operation in history is under way with the Fireball malware. The Chinese malware is presumably inside a quarter billion PCs already and is present in 20% of networks worldwide, according to Check Point. The major infection centers are reported to be India, Brazil and Mexico. While the world is still recovering from the effects of the WannaCry ransomware, this new malware poses another threat.

“Fireball” is designed to hijack browsers, taking them over and turning them into zombies. It has two main functionalities: the ability to run any code on the victim’s computer, including downloading files or malware, and the ability to hijack and manipulate the victim’s web traffic to generate ad revenue. Currently it installs plug-ins and additional configurations to generate ad revenue for a Beijing-based digital marketing firm called Rafotech, but it could be a very potent tool for a malware attack on a massive scale.

About 250 Mn systems and 1 in 5 networks could easily become the target of real malware given the abilities of this potent adware. It installs a backdoor on the computers it runs on, which can be very easily exploited by the Chinese operators behind the campaign.

Key points:

  1. Fireball is spread mostly via bundling, i.e. it is installed on the user's machine along with a wanted program, often without the user’s consent.
  2. The operation is run by a Chinese digital marketing agency, which makes it potentially dangerous.
  3. India is one of the top infected countries, with about 10.1% of the infected computers (out of 250 Mn) located in India. Brazil comes next with 9.6%.
  4. Since the hijacked browser is capable of downloading and running any code, it can potentially be used for stealing data or running malicious code.

How to detect if your system is infected?

Open your browser and check:

  1. Did you download the extensions on your PC?
  2. Are you familiar with your default search engine, and can you modify it?
  3. Do you remember setting your homepage?
  4. Can you modify your browser homepage?

If the answer to any of these is “NO”, then your computer is infected with Fireball adware.

To remove the adware, uninstall the respective extension and application from your computer or reset your browser settings to default.
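The browser checks listed above can also be run against a profile's settings file. The following is an added example, not code from the original article or from Check Point: it compares start pages, the default search engine and installed extensions with a baseline the user actually chose. The key names follow the Chromium "Preferences" JSON layout as an assumption (they can differ between browser versions), and the sample profile, hostnames and extension IDs are constructed.

```python
import json
from urllib.parse import urlparse

# Constructed sample of a Chromium-style "Preferences" file (not real data).
# Key names are an assumption about that layout and may vary by version.
SAMPLE_PREFS = json.loads("""{
  "homepage": "http://search.unexpected.example/start",
  "homepage_is_newtabpage": false,
  "session": {"startup_urls": ["http://search.unexpected.example/start"]},
  "default_search_provider_data": {"template_url_data": {
      "short_name": "Unexpected Search",
      "url": "http://search.unexpected.example/?q={searchTerms}"}},
  "extensions": {"settings": {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"manifest": {"name": "Approved Password Manager"}},
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"manifest": {"name": "Bundled Toolbar"}}}}
}""")

# Hypothetical baseline: the sites and extensions the user remembers choosing.
BASELINE = {
    "hosts": {"intranet.example.com", "www.example.org"},
    "extension_ids": {"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"},
}

def host(url):
    return urlparse(url).hostname or ""

def audit_profile(prefs, baseline):
    """Return (kind, detail) findings for settings outside the baseline."""
    findings = []
    pages = list(prefs.get("session", {}).get("startup_urls", []))
    if not prefs.get("homepage_is_newtabpage", True) and prefs.get("homepage"):
        pages.append(prefs["homepage"])
    for url in dict.fromkeys(pages):  # de-duplicate, keep order
        if host(url) not in baseline["hosts"]:
            findings.append(("start_page", url))
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if search and host(search.get("url", "")) not in baseline["hosts"]:
        findings.append(("search_engine", search.get("short_name", "?")))
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        if ext_id not in baseline["extension_ids"]:
            name = ext.get("manifest", {}).get("name", "?")
            findings.append(("extension", f"{name} ({ext_id})"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_profile(SAMPLE_PREFS, BASELINE):
        print(f"{kind}: {detail}")
```

A finding here only means the setting differs from the baseline; each one still needs to be reviewed before uninstalling or resetting anything.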

Always remember that nothing on the internet is safe, so keep your system protected. Use good anti-virus tools and cyber security covers. Logix Infosecurity brings the latest tools and software to keep your organization safe.
