Researchers at Check Point recently discovered an adware campaign named Fireball, run worldwide by a Chinese operator. Unlike typical adware infections, this one stands out for the sheer number of devices it infected in a short time.
As soon as it infects a device, it takes control of the browser to generate revenue through advertisements. It also runs code on the infected computer and can download further malicious files from the Internet, which lets the operators generate more ad revenue.
The adware installs browser plug-ins and additional configuration changes that boost advertisement delivery, and it turns the victim's machine into a distribution point for other malware. Fireball is not only a browser hijacker but also a fully functioning malware downloader: it can execute arbitrary code on the targeted machine, which can result in credential theft and further malware infection.
The team behind the attack:
The campaign is run by Rafotech, one of the largest digital marketing agencies in Beijing, China.
According to the researchers, "The agency used this adware to manipulate victims’ browsers and turn their default search engines and homepages into fake search engines. This redirects the queries to either Yahoo.com or Google.com. The fake search engines include tracking pixels used to collect the users’ private information. Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code in the infected machines. In the end, it creates a massive security flaw in targeted machines and networks."
The research team found that of the roughly 250 million infected computers, around 20 per cent sit on corporate networks, which shows how far the campaign reaches into corporate environments. They also found that 25.3 million of the infected machines (10.1 per cent of the total) are in India.
The adware mostly spreads bundled with software the user actually wants, which makes the infection hard for the user to notice. Notably, the adware does not ask for any user permission before accessing data on the machine.
According to the researchers analysis, "Over 250 million computers worldwide have been infected: specifically, 25.3 million infections in India (10.1%), 24.1 million in Brazil (9.6%), 16.1 million in Mexico (6.4%), and 13.1 million in Indonesia (5.2%). The United States has witnessed 5.5 million infections (2.2%)."
Check Point’s global sensors also put India in second place, with a 43 per cent hit rate, while the US and China stand at 10 per cent or below. Alexa’s web traffic data shows that 14 of the fake search engines rank among the top 10,000 websites.
"We believe that although this is not a typical malware attack campaign, it has the potential to cause irreversible damage to its victims as well as worldwide Internet users and, therefore, it must be blocked by security companies. The full distribution of Fireball is not yet known, but it is clear that it presents a great threat to the global cyber ecosystem. With a quarter billion infected machines and a grip in one of every five corporate networks, Rafotech’s activities make it an immense threat," researchers mentioned in a blog post.
They also described how to remove the malware.
For Windows users:
'Uninstall the adware by removing the application from the Programs and Features list in the Windows Control Panel.'
For Mac OS users:
'Use the Finder to locate the Applications. Then, drag the suspicious file to the Trash. Empty the Trash. That's it.'
Also, scan and clean your machine regularly with anti-malware software and an adware cleaner. In addition, remove malicious add-ons, extensions or plug-ins from your browser.
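The removal steps above only uninstall the dropped application. Since Fireball's whole purpose is to change the homepage and default search engine and to install plug-ins, it is worth verifying those settings afterwards rather than trusting that the uninstaller reverted them. The triage script below is an added example, not code from Check Point or from the campaign's operators: it reads a Chrome or Chromium profile's Preferences file (a JSON document) and flags a homepage, startup URL or default search provider whose host is not on an allow-list, plus enabled extensions that were not installed from the Web Store. The JSON key names, the profile path and the allow-list are my assumptions about Chrome's on-disk format and about what counts as legitimate; the sample profile embedded in the script is constructed, with a made-up host and extension ID.

```python
"""Triage a Chrome/Chromium profile's Preferences file for browser-hijacker settings.

Added example; not Check Point's or Rafotech's code. Key names such as
homepage, session.startup_urls, default_search_provider_data.template_url_data.url
and extensions.settings are assumptions about Chrome's Preferences format.
"""
import json
import os
import sys
from urllib.parse import urlparse

# Hosts the reviewer considers legitimate (assumed allow-list). Anything else
# found in the homepage, startup URLs or search provider is reported.
KNOWN_GOOD_HOSTS = {"google.com", "bing.com", "yahoo.com", "duckduckgo.com"}


def host_of(url):
    """Return the lowercase host of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def is_allowed(host, allowed=KNOWN_GOOD_HOSTS):
    """True if host equals an allowed host or is a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def triage(prefs, allowed=KNOWN_GOOD_HOSTS):
    """Return a list of (category, detail) findings for one Preferences dict."""
    findings = []

    homepage = prefs.get("homepage", "")
    if homepage and not prefs.get("homepage_is_newtabpage", False):
        if not is_allowed(host_of(homepage), allowed):
            findings.append(("homepage", homepage))

    for url in prefs.get("session", {}).get("startup_urls", []):
        if not is_allowed(host_of(url), allowed):
            findings.append(("startup_url", url))

    # The search template keeps a {searchTerms} placeholder in the query
    # string; urlparse still extracts the host correctly.
    provider = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    search_url = provider.get("url", "")
    if search_url and not is_allowed(host_of(search_url), allowed):
        findings.append(("search_provider", search_url))

    # Assumption: state 1 means the extension is enabled; from_webstore False
    # means it was sideloaded, which is how bundled hijacker plug-ins arrive.
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        if ext.get("state") == 1 and not ext.get("from_webstore", False):
            findings.append(("sideloaded_extension", f"{ext_id} ({ext.get('name', '?')})"))

    return findings


def load_preferences(path):
    """Parse a Preferences file from disk."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def default_preferences_path():
    """Best-effort location of the default profile's Preferences file (assumed paths)."""
    if sys.platform.startswith("win"):
        base = os.path.join(os.environ.get("LOCALAPPDATA", ""), "Google", "Chrome", "User Data")
    elif sys.platform == "darwin":
        base = os.path.expanduser("~/Library/Application Support/Google/Chrome")
    else:
        base = os.path.expanduser("~/.config/google-chrome")
    return os.path.join(base, "Default", "Preferences")


# Constructed sample profile: homepage, startup page and search engine all
# point at a fake search site, and one sideloaded extension is enabled.
# The host and the 32-character extension IDs are made up for this example.
SAMPLE_PREFS = {
    "homepage": "http://search.example.test/",
    "homepage_is_newtabpage": False,
    "session": {"restore_on_startup": 4, "startup_urls": ["http://search.example.test/"]},
    "default_search_provider_data": {
        "template_url_data": {
            "keyword": "example.test",
            "short_name": "Search",
            "url": "http://search.example.test/?q={searchTerms}",
        }
    },
    "extensions": {
        "settings": {
            "aaaabbbbccccddddeeeeffffgggghhhh": {"name": "Search Helper", "from_webstore": False, "state": 1},
            "abcdefghijklmnopabcdefghijklmnop": {"name": "Store Extension", "from_webstore": True, "state": 1},
        }
    },
}

if __name__ == "__main__":
    # Usage: python triage_prefs.py [path-to-Preferences]; without a path the
    # constructed sample is analysed so the script runs offline.
    prefs = load_preferences(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_PREFS
    for category, detail in triage(prefs) or [("clean", "no hijack indicators found")]:
        print(f"{category}: {detail}")
```

Run it against the real profile with `python triage_prefs.py "$(python -c 'import triage_prefs; print(triage_prefs.default_preferences_path())')"` or simply pass the path by hand; close Chrome first so the file is not mid-write. An allow-list rather than a block-list is deliberate: the fake search engines in this campaign are numerous and change, while the set of search engines a given organisation actually sanctions is small and stable.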