Fireball, A Chinese browser-hijacking malware infected 250 million computers worldwide
Security
researchers have discovered a massive malware campaign that has
already infected more than 250 million computers across the world,
including Windows and Mac OS.
Dubbed
Fireball, A strain of Chinese browser-hijacking malware is an
adware package that takes complete control of victim's web browsers
and turns them into zombies, potentially allowing attackers to spy on
victim's web traffic and potentially steal their data. Fireball is
capable of executing any code on the infected machines, resulting in
a wide range of actions from stealing credentials to dropping
additional software nasties
Check
Point researchers, who discovered this massive malware campaign,
linked the operation to Rafotech, a Chinese company which claims to
offer digital marketing and game apps to 300 million customers.While
the company is currently using Fireball for generating revenue by
injecting advertisements onto the browsers, the malware can be
quickly turned into a massive destroyer to cause a significant cyber
security incident worldwide.
Fireball
spreads mostly via "bundling", which means it is installed
alongside a program the user wants to download, but without their
consent. The biggest proportion of infections are in India, Brazil
and Mexico, but there are over 5.5 million instances of the nasty in
the US.The malware has spread so widely that its even affecting
corporate networks, according to researchers. Fireball has infected
more 250 million computers worldwide, with 20 percent occurring on
corporate networks. Western corporate networks are looking healthier
(Indonesia, India and Brazil are bearing the brunt) despite still
showing multiple instances of the nasty.
Check
Point's data shows that 9.3 per cent of corporate networks in the UK
have at least one machine with the Fireball adware on it, the same as
in the US. By comparison, 9.75 per cent of German corporate networks
have a Fireball-infected machine, and 18 per cent in France.
Another
indicator of the incredibly high infection rate is the popularity of
Chinese digital marketing agency Rafotech's fake search engines.
According to Alexa's web traffic data, 14 of these dodgy pages are
among the top 10,000 websites.
At
the current, Fireball adware is hijacking users' web traffic to boost
its advertisements and gain revenue, but at the same time, the adware
has the capability to distribute additional malware.
"Based on our estimated infection rate, in such a scenario, one out of five corporations worldwide will be susceptible to a major breach," researchers added.
"Based on our estimated infection rate, in such a scenario, one out of five corporations worldwide will be susceptible to a major breach," researchers added.
According
to researchers, over 250 million computers are infected worldwide, 20
percent of them are corporate networks:
-
25.3 million infections in India (10.1%)
-
24.1 million in Brazil (9.6%)
-
16.1 million in Mexico (6.4%)
-
13.1 million in Indonesia (5.2%)
-
5.5 million In US (2.2%)
Warning Signs that Your Computer is Fireball-Infected
If the answer to any of the following questions is "NO," that means your computer is infected with Fireball or a similar adware.
Open your web browser and check:
-
Did you set your homepage?
-
Are you able to modify your browser's homepage?
-
Are you familiar with your default search engine and can modify that as well?
-
Do you remember installing all of your browser extensions?
The primary way to prevent such infections is to be very careful when you agree to install.
You should always pay attention when installing software, as software installers usually include optional installs. Opt for custom installation and then de-select anything that is unnecessary or unfamiliar.
Comments
Post a Comment