A new malware named Fireball unleashed by a digital marketing agency in China has infected over 250 million PCs worldwide.
Fireball is being used by agencies to infiltrate computers and manipulate web traffic to generate ad revenues.
The large-scale infection of systems around the world by the new malware was first spotted by security firm Check Point. Named Fireball, the malware has been designed by Rafotech, a Chinese digital marketing agency specifically to help boost ad revenues of certain websites by infiltrating computers worldwide.
SMB vulnerabilities are major cause of WannaCry ransomware attacks: Malwarebytes
Once Fireball infiltrates a computer, it manipulates the web browser to turn 'default search engines and home pages into fake search engines.' This way, the malware helps redirect queries either to fake yahoo.com or google.com engines to generate fraudulent ad revenues. At the same time, Fireball can also track a user's browsing history, download new malware and other files and execute malicious codes.
According to Check Point, as many as 250 million computers have been infiltrated by Fireball so far. As many as 20% of computers in corporate networks have also been affected. Apart from generating fraudulent clicks on websites, Fireball can also be used to execute malicious codes and download new malware and is thus among the most powerful threats to cyber security.
While 10 percent of all affected computers are in India alone, a large number of computers have also been affected in Brazil, Mexico, Indonesia and the United States. Check Point adds that Rafotech’s fake search engines are among the top 10,000 websites and have contributed enormously to the high infection rate.
Major video subtitle vulnerability leaves millions of devices unprotected
"Although Rafotech uses Fireball only for advertising and initiating traffic to its fake search engines, it can perform any action on the victims’ machines These actions can have serious consequences. How severe is it? Try to imagine a pesticide armed with a nuclear bomb. Yes, it can do the job, but it can also do much more," noted the Check Point Threat Intelligence Research team.
The security firm has also explained the reasons behind the high infection rates of new malware. With a large number of firms now offering free software or services and presenting advertisements to generate profits, ad agencies are now using a new method named 'Bundling' to generate more ad revenues. By employing this method, agencies install other programmes along with free programmes, sometimes without user consent, to infiltrate computers. So if a user is downloading a particular software, he may be giving access to other programmes to his computer without knowing about them.
Fraudulent adware 'Judy' infected up to 36 million Android phones
"It’s important to remember that when a user installs freeware, additional malware isn’t necessarily dropped at the same time. If you download a suspicious freeware and nothing happens on the spot, it doesn’t necessarily mean that something isn’t happening behind the scenes," the researchers added.
To prevent your computer from being affected by fraudulent adware and malware like Fireball, you may check if your browser homepage has been altered or if your browser features extensions which you never downloaded yourself.
If your computer has indeed been infected, you can either uninstall potentially malicious programmes or run anti-malware or adware cleaning software. At the same time, you can also restore your internet browser to its default settings in browsers like Google Chrome, Internet Explorer, Mozilla Firefox and Safari.