It is like the golden-for-hackers, dark-for-us malware era, and here we have another dangerous internet infection which has allegedly infected 250 million systems, including Mac and Windows. This new bad guy is called ‘Fireball’ and hails all the way from China.
First we had WannaCry ransomware, then came the EternalRocks worm, and now a newbie, Fireball – a browser-hijacking malware, or rather adware. To explain in simple language, the malware takes over web browsers and turns them into zombies. Yeah, that was simple, right? Fireball is said to have originated in China and has already infected 250 million Mac and Windows systems all around the world. According to Check Point Software Technologies, the malware hijacks browsers and generates revenue for a Beijing-based marketing agency called Rafotech. Check Point was the first to discover this malware.
But it is not just about collecting revenue: Fireball is actually capable of executing any code on the infected machines, resulting in a wide range of actions from stealing credentials to dropping additional software nasties. It spreads mostly via ‘bundles’, which means it is bundled with a program the user wants to download and gets installed without any permission or indication. And now comes the kicker – most of the infected systems are in India, Brazil and Mexico. This adware can also spy on search behaviour and possibly retrieve personal information and data too.
So if you install free software, the adware is likely to make its way into your system, where it will install plug-ins in your browser and change your browser settings too. ‘Symptoms’ of a Fireball infection may include automatic changes to your browser settings, homepage and default search engine. And you will not be able to change these settings back no matter what, and that, my friend, is when you know your system has turned into a revenue zombie.
It may not seem very dangerous, and you might be like, eh, just another adware, but remember that the red button is in the wrong hands, and it doesn’t take much to imagine a scenario in which Rafotech decides to harvest sensitive information from all of its infected machines and sell this data to threat groups or business rivals. Banking and credit card credentials, medical files, patents and business plans can all be widely exposed and abused by threat actors for various purposes. And with the number of systems already infected, the potential loss is indescribable, and repairing the damage caused by such massive data leakage (if even possible) could take years. Doesn’t sound that tame anymore, does it? So it is advisable to smother the Fireball before it bonfires us.
Fortunately, removing Fireball is pretty simple and doable, unlike WannaCry. Since it is adware, all you need to do is uninstall the adware program from your system manually. It can’t get any easier; here are the steps to follow if you are infected:
Windows: Uninstall the adware by removing the application from the Programs and Features list in the Windows Control Panel.
Mac: Use the Finder to locate the malicious applications, drag the suspicious files to Trash and empty trash.
Cha-ching, clean. Your system must be free from Fireball after doing that. To avoid it, make sure to check the authenticity of any website before downloading software. And just beware, that’s all.