After the WannaCry ransomware, researchers have discovered another new piece of malware, which has impacted over 250 million personal computers. Fireball is a Chinese malware, technically an adware, which has impacted nearly 250 million PCs. India is among the worst affected countries, according to security firm Check Point, which discovered this malware/adware.
According to Check Point's research teams, Fireball can take over a browser on an infected computer and run any code on the compromised PC. This includes the ability to download any file, including other malware, and to manipulate the web traffic of the infected PC in order to boost ad revenue for websites run by the company behind the malware. In its blog post detailing how the Fireball malware works, Check Point says the malicious program can even install "plug-ins and additional configurations to boost its advertisements."
So what is Fireball malware and who is behind it?
Check Point says the malware has been created by Rafotech, which is a "large digital marketing agency based in Beijing." The malware, or rather the adware, takes over a victim's browser, and the default search engine, be it Google or Yahoo, is replaced by a fake one.
After this, all queries to an actual search engine are redirected to these fake ones, which then track the victim's web usage in order to collect private information. Check Point warns that this malware is a serious one, and what makes it really dangerous is that it has the ability to "execute any malicious code in the infected machines."
So who all are impacted by Fireball Malware? Which countries? Is India impacted?
Fireball malware has a massive impact on India, and in fact ours is the worst hit country on the list. According to Check Point, 20 per cent of corporate networks are infected, which sounds pretty bad. It gets worse from there, with Check Point saying India is the top infected country with 10.1 per cent of the infections, followed by Brazil (9.6 per cent).
The cyber-security firm says 25.3 million computers are infected in India, 24.1 million in Brazil, and Mexico is third on the list with 16.1 million infections. The United States has 5.5 million infections. According to Check Point, India, with a 43 per cent hit rate on corporate networks, is one of the worst hit. Check Point also notes that 14 of the fake search engines are in the top 10,000 websites on Alexa, which is another indicator of the seriousness of this problem.
So what exactly can Fireball malware do on an infected PC?
As Check Point notes, Fireball is part of some legitimate software. Technically this is half malware and half legitimate software with proper digital certificates. As Check Point says, Rafotech is only using this for "advertising and initiating traffic," but the power of such malware goes much beyond just manipulating traffic.
This malware can run any code and spy on a user's web habits, which means it can have serious consequences. Check Point's description of the malware makes the seriousness of the problem evident: "Try to imagine a pesticide armed with a nuclear bomb. Yes, it can do the job, but it can also do much more." As Check Point notes, the malware has "digital certificates", which give it a legitimate appearance, and points out the company knows that "adware distribution is not considered a crime."
Fireball is being bundled along with other applications and programs, and, as the report says, regular users can't uninstall this kind of malware. Check Point also says the Fireball malware is being installed along with popular freeware products like Soso Desktop, FVP Imageviewer, and others.
So how can you know if your PC is infected? What can you do to remove Fireball?
According to Check Point, one way of checking for Fireball malware is to look at the default home page in your browser and check the default search engine. Users should examine all browser extensions, and check whether they can modify the default search engine. If you can't change any of this, that is a good sign that the computer is infected by adware. Check Point recommends using an adware scanner to figure out if something is wrong with the browser.
Check Point has given some indicators of compromise to check for on your PC. The full list is mentioned on the Check Point blog as well.
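The home-page check described above can be scripted for Firefox, whose profile folder stores settings as `user_pref(...)` lines in `prefs.js` and re-applies any `user.js` file at every start. The following is an added example, not code from Check Point or the original article; the function names, the sample file contents and the host `start.hijack-search.example` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Firefox writes one setting per line as: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: raw value text} for every user_pref line."""
    matches = (PREF_RE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def homepage_hosts(text):
    """Hosts named in browser.startup.homepage ('|' separates several pages)."""
    raw = parse_prefs(text).get("browser.startup.homepage", "")
    hosts = []
    for url in raw.strip('"').split("|"):
        url = url.strip()
        if not url or url.startswith("about:"):
            continue  # built-in pages such as about:home have no host
        if "://" not in url:
            url = "http://" + url  # bare host names need a scheme to parse
        host = (urlsplit(url).hostname or "").lower()
        if host:
            hosts.append(host)
    return hosts

def audit_homepage(prefs_js, user_js="", expected=()):
    """List (file, host, reapplied_at_startup) for hosts outside `expected`."""
    findings = []
    for source, text in (("prefs.js", prefs_js), ("user.js", user_js)):
        for host in homepage_hosts(text):
            ok = any(host == e or host.endswith("." + e) for e in expected)
            if not ok:
                # user.js is re-read on every start, so a value set there
                # comes back after the user changes it in the settings UI.
                findings.append((source, host, source == "user.js"))
    return findings

# Constructed sample profile content; the hijack host is a placeholder.
SAMPLE_PREFS = '''user_pref("browser.startup.page", 1);
user_pref("browser.startup.homepage", "https://www.mozilla.org/|http://start.hijack-search.example/?src=bundle");
'''
SAMPLE_USER = 'user_pref("browser.startup.homepage", "http://start.hijack-search.example/");\n'

if __name__ == "__main__":
    for finding in audit_homepage(SAMPLE_PREFS, SAMPLE_USER, expected=("mozilla.org",)):
        print(finding)
```

A finding whose third field is `True` corresponds to the "can't change it" symptom: the value is restored from `user.js` each time the browser starts.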
How do you remove Fireball malware from your PC?
For Windows users, once you find the adware on your personal computer, go to the Programs and Features list in the Windows Control Panel. Hit uninstall for the compromised application. macOS users should use Finder, locate the application, and then move the file to the Trash. After that, empty the Trash to delete the compromised file. However, Check Point also warns that users might not always find the program in the list.
Check Point says users should scan and clean their machine with anti-malware and adware cleaner tools. Also go to your preferred browser, and check the tools and extensions. Uninstall anything suspicious or anything you don't remember installing in the first place. This is a good time to review all extensions and add-ons in the browsers that you regularly use.
In Google Chrome, click the menu icon. Then select Tools and Extensions, and remove suspicious add-ons. In Internet Explorer, click the Settings icon, and then select Manage Add-ons. Then remove any add-ons that seem malicious.
In Mozilla Firefox, this is part of the Tools tab; once again, remove any add-ons that you don't remember installing. You can also disable malicious plugins from the settings. In Safari, select Preferences followed by the Extensions tab, and then uninstall any suspicious extensions.