Chinese ‘Fireball’ Malware Infects 250M Systems Worldwide

A Chinese malware that hijacks browsers and uses them as bots has infected 250 million computers worldwide, according to new research from security firm Check Point.

The malware, nicknamed ‘Fireball,’ takes over browsers and “turns them into zombies,” says Check Point, manipulating infected users’ web traffic to generate ad revenue. Fireball installs plug-ins and additional configurations to boost its advertisements, but can just as easily turn into a prominent distributor for any additional malware, according to researchers. Fireball is capable of running any code on the infected machines, which means it can download any file or malware.

Fireball is spread by “bundling” with programs the user wants to download and installing alongside them without the user’s consent.

According to Check Point, the Fireball operation is run by Rafotech, a Beijing-based digital marketing agency that is using Fireball to manipulate the victims’ browsers and turn their default search engines and home-pages into fake search engines. The fake search engines then use tracking pixels to collect the users’ private information. Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code on the infected machines, which creates a massive security flaw in targeted machines and networks.

Luckily, removing Fireball is not a complicated process. To find out if you’re infected, Check Point offers the following advice:

“To check if you’re infected, first open your web browser. Was your home-page set by you? Are you able to modify it? Are you familiar with your default search engine and can modify that as well? Do you remember installing all of your browser extensions?

If the answer to any of these questions is “NO”, this is a sign that you’re infected with adware. You can also use a recommended adware scanner, just to be extra cautious.”

To remove the malware from PCs, you simply need to uninstall the adware using the Programs and Features list in the Windows Control Panel. Similarly, Mac users can use the Finder to remove it from the Applications folder. “Users should also be removing malicious add-ons, extensions or plug-ins from their browsers,” Check Point further advises.

Get the full details on the Fireball Malware here.

Jeff Edwards

Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.