• Check Point security discovered Fireball -a Chinese malware- that has infected over 25 crore computers, turning them into zombies.
• Of the 25 crore infected devices worldwide, 2.5 crore are in India while 2.4 crore in Brazil.
• Fireball can run any code, download any file/malware, hijack and manipulate victim’s web-traffic to generate ad-revenue.
• India is among the top affected countries. Is your computer infected too?

Fireball: Threat operation creates security flaws on victim devices

Fireball manipulates victims’ browsers and turns the default search engines/homepages into fake search engines that redirect queries to either yahoo.com or Google.com.

The fake search engines include tracking pixels that collect users’ private information.

Fireball is a browser-hijacker that can become a fully-functioning malware downloader.

It is spread mostly through bundling – installed alongside a required program without the user’s permission.

Distribution: India and Brazil, the two most infected countries

Of the 250 million infected devices worldwide, 25.3 million (10.1%) are in India while 24.1 million (9.6%) in Brazil.

Mexico witnessed 16.1 million (6.4%) infections followed by 13.1 million (5.2%) in Indonesia and 5.5 million (2.2%) in the US.

As far as corporate network infection rates are concerned, Indonesia (60%) was followed by India (43%), Brazil (38%), the US (10.7%) and China (4.7%).

Fact: Estimated infection rate

The sensitive information stolen by Fireball could be sold or exposed to and abused by threat actors for many purposes. Based on the current situation, one out of five corporations worldwide would be susceptible to major breach. Key organizations could face severe damage.

Rafotech: Malware carries digital certificate for looking legitimate

Rafotech doesn’t admit it makes browser-hijackers and fake search engines; it calls itself a marketing agency with a 300 million reach.

Fireball and other browser-hijackers are half seemingly legitimate software and half malware; they carry digital certificates for a legitimate appearance.

Fireball may be spread by bundling the malware to other Rafotech products or via other freeware distributors under fake names.

Infected?: Are you infected? Follow these steps to check

Unfamiliar browser homepages or unchangeable homepages or unfamiliar default search engines and browser extensions are a sign you might be infected with adware.

To remove adware, uninstall it from the device.

Use anti-malware software and adware cleaner software scan and clean your computer.

Remove malicious extensions, add-ons, plug-ins from the browser and then restore the browser to its default settings.

Fact: Rafotech’s activities, an immense threat

Rafotech’s browser-hijackers operation could reportedly be the largest infection operation in history. The Fireball attack has the potential to cause irreversible damage not only to its victims but also worldwide internet users. Fireball poses a great threat to the global cyber ecosystem.