Fireball Malware Responsible for Quarter of a Billion Infections

Rafotech, a Chinese digital marketing and mobile application company, has unintentionally caused malware to spread to at least 250 million computers worldwide.

Originally intended to be used to generate revenue through web browser advertisements, Rafotech’s Fireball turned into a malware package that could take over a victim’s web browser and allow hackers to spy on the victim’s online habits and steal their personal information.

Security research teams discovered the Fireball malware earlier this year. The program is bundled with other free software readily available online.

When Fireball is installed on a computer, it activates web browser plugins to configure the victim’s browser settings, replacing their home pages and search engines with fraudulent ones.

Researchers said it was important to remember that additional malware is not automatically removed when freeware is installed on a computer. They added that Rafotech was also spreading freeware through additional distribution methods, using fake names, spam, and even installers from cybercriminals.

Fireball’s fake search engines redirect a victim’s search queries to Yahoo or Google while using tracking methods to collect the victim’s data.

As mentioned earlier, Fireball spies on an infected device’s web history, can install malicious code and plugins, and can set up efficient malware installation, creating an even bigger security hole on infected PCs.


Security experts have also observed that the malware has sophisticated anti-detection processes, comparable to those of far superior malware strains.

Fireball is believed to be currently manipulating its users’ web traffic to boost advertising revenue, while also having the ability to distribute malware.

Researchers approximate that one out of five companies in the world could be susceptible to such a security breach. Of the mentioned 250 million computers infected globally, one-fifth of them belong to business entities.

India accounts for 10% of all cases, with at least 25.3 million infected devices, followed by Brazil with 24.1 million cases and Mexico with 16.1 million. Indonesia (13.1 million) and the U.S. (5.5 million) round out the five countries with the most infections.

The research team familiar with the situation liken Rafotech to a pesticide armed with a nuclear bomb; it is devastating but could be so much worse. They also added that hackers would be envious of Rafotech’s power and reach.

So what can we do to protect ourselves?

The first thing to check is if your homepage was changed to a webpage you do not remember setting. Also, if you are not able to change the homepage or search engine to your preference, you might be infected with Fireball.

If you notice browser extensions that look fishy, or that you do not remember installing, this could be another sign that you have been infected with Fireball or similar adware.

Removing this type of malware should be simple. Uninstalling the application that the malware came with should be your first step. The next step is restoring your browser settings to their defaults.

Being more cautious in installing programs is another way of preventing such invasive applications, while also making sure to read before agreeing to anything. As program installers come with optional extensions or installations, go for the custom option and do not choose to set up any unnecessary or unfamiliar programs.
