Fireball, a Chinese browser-hijacking malware, infected 250 million computers worldwide



Security researchers have discovered a massive malware campaign that has already infected more than 250 million computers across the world, including Windows and Mac OS machines.

Dubbed Fireball, this strain of Chinese browser-hijacking malware is an adware package that takes complete control of victims' web browsers and turns them into zombies, potentially allowing attackers to spy on victims' web traffic and steal their data. Fireball is capable of executing any code on the infected machines, resulting in a wide range of actions from stealing credentials to dropping additional software nasties.

Check Point researchers, who discovered this massive malware campaign, linked the operation to Rafotech, a Chinese company which claims to offer digital marketing and game apps to 300 million customers. While the company is currently using Fireball to generate revenue by injecting advertisements into browsers, the malware can be quickly turned into a massive destroyer to cause a significant cyber security incident worldwide.

Fireball spreads mostly via "bundling", which means it is installed alongside a program the user wants to download, but without their consent. The biggest proportion of infections is in India, Brazil and Mexico, but there are over 5.5 million instances of the nasty in the US. The malware has spread so widely that it's even affecting corporate networks, according to researchers. Fireball has infected more than 250 million computers worldwide, with 20 percent occurring on corporate networks. Western corporate networks are looking healthier (Indonesia, India and Brazil are bearing the brunt) despite still showing multiple instances of the nasty.

Check Point's data shows that 9.3 per cent of corporate networks in the UK have at least one machine with the Fireball adware on it, the same as in the US. By comparison, 9.75 per cent of German corporate networks have a Fireball-infected machine, and 18 per cent in France.

Another indicator of the incredibly high infection rate is the popularity of Chinese digital marketing agency Rafotech's fake search engines. According to Alexa's web traffic data, 14 of these dodgy pages are among the top 10,000 websites.

Currently, the Fireball adware is hijacking users' web traffic to boost its advertisements and gain revenue, but at the same time, the adware has the capability to distribute additional malware.

"Based on our estimated infection rate, in such a scenario, one out of five corporations worldwide will be susceptible to a major breach," researchers added.

According to researchers, over 250 million computers are infected worldwide, 20 percent of them on corporate networks:
  • 25.3 million infections in India (10.1%)
  • 24.1 million in Brazil (9.6%)
  • 16.1 million in Mexico (6.4%)
  • 13.1 million in Indonesia (5.2%)
  • 5.5 million in the US (2.2%)

Warning Signs that Your Computer is Fireball-Infected


If the answer to any of the following questions is "NO," that means your computer is infected with Fireball or similar adware.

Open your web browser and check:

  1. Did you set your homepage?
  2. Are you able to modify your browser's homepage?
  3. Are you familiar with your default search engine and can modify that as well?
  4. Do you remember installing all of your browser extensions?
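
The same checks can be run across many machines by reading the browser profile instead of asking each user. The script below is an added example, not part of the original article or Check Point's research: it assumes a Chromium-style `Preferences` JSON file, and the key names, hosts, extension IDs and the `audit` helper are illustrative assumptions with constructed sample data.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a Chromium-style "Preferences" profile file.
# The key names are an assumption about that layout; hosts and IDs are placeholders.
SAMPLE_PREFS = json.loads("""
{
  "homepage": "http://search.hijack.example/?src=hp",
  "homepage_is_newtabpage": false,
  "session": {"startup_urls": ["http://search.hijack.example/"]},
  "default_search_provider_data": {"template_url_data": {
      "short_name": "Example Search",
      "url": "http://search.hijack.example/q={searchTerms}"}},
  "extensions": {"settings": {
      "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"manifest": {"name": "Known Password Manager"}},
      "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"manifest": {"name": "Helper Toolbar"}}}}
}
""")


def audit(prefs, trusted_hosts, known_extension_ids):
    """Return (check, value) findings for settings the user did not choose."""
    findings = []

    def check_url(label, url):
        host = (urlsplit(url).hostname or "").lower()
        if host and host not in trusted_hosts:
            findings.append((label, host))

    # Questions 1-2: homepage and startup pages.
    if not prefs.get("homepage_is_newtabpage", True):
        check_url("homepage", prefs.get("homepage", ""))
    for url in prefs.get("session", {}).get("startup_urls", []):
        check_url("startup_url", url)
    # Question 3: default search engine.
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    check_url("search_engine", search.get("url", ""))
    # Question 4: extensions the user does not remember installing.
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        if ext_id not in known_extension_ids:
            findings.append(("extension", ext.get("manifest", {}).get("name", ext_id)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PREFS, {"www.google.com"}, {"a" * 32}):
        print(finding)
```

Any finding is a prompt to ask the user whether they chose that setting, not proof of infection on its own.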

To remove the adware, just uninstall the respective application from your computer (or use adware cleaner software) and then restore/reset your browser configurations to default settings.

The primary way to prevent such infections is to be very careful when you agree to install software.

You should always pay attention when installing software, as software installers usually include optional installs. Opt for custom installation and then de-select anything that is unnecessary or unfamiliar.
