After the WannaCry ransomware, researchers have discovered another new piece of malware, which has impacted over 250 million personal computers and 20% of corporate networks.
The malware, called Fireball, is Chinese in origin. Technically it is adware that acts as a browser hijacker, but it can be turned into a fully functioning malware downloader. Fireball is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware. Fireball is spread mostly via bundling, i.e. it is installed on victim machines alongside a wanted program, often without the user’s consent.
Fireball has impacted nearly 250 million PCs. India (10.1%) and Brazil (9.6%) are among the worst affected countries, according to security firm Check Point, which discovered this malware/adware.
According to Check Point’s research teams, Fireball can take over a browser on an infected computer and run any code on these compromised PCs. This includes:
- The ability to download any file,
- The ability to include other malware, and
- The ability to manipulate the web traffic of the infected PC in order to boost ad revenue for websites by the company behind the malware.
So what is Fireball Malware and who is behind it?
The malware was created by Rafotech, which is a “large digital marketing agency based in Beijing.”
The malware, or rather the adware, takes over a victim’s browser, and the default search engine, be it Google or Yahoo, is replaced by a fake one.
The fake search engines include tracking pixels used to collect the users’ private information. Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code in the infected machines. This creates a massive security flaw in targeted machines and networks.
After this, all queries to an actual search engine are redirected to these false ones, which then track a victim’s web usage in order to collect private information.
Warning – This malware is a serious one, and what makes it really dangerous is that it has the ability to “execute any malicious code in the infected machines.”
So how can you know if your PC is infected? What can you do to remove Fireball?
One way of scanning for Fireball malware is to look at the default home page in your browser and check the default search engine. Users should examine all browser extensions, and whether they can modify the default search engine. If you can’t change any of this, then it is a good sign that the computer is infected by adware. An adware scanner can also be used to figure out if something is wrong with the browser.
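The extension review described above can be partly automated for Chrome-style extensions. The following is an added example, not from the original article or from Check Point: it reads extension manifests and reports any that declare a takeover of the search engine, home page, startup pages or new tab page through the manifest keys `chrome_settings_overrides` and `chrome_url_overrides`. The trusted host list and the sample manifests are constructed assumptions.

```python
import json
from urllib.parse import urlparse

# Assumption: hosts this user really chose for search and home page.
TRUSTED_HOSTS = {"www.google.com", "search.yahoo.com"}

def host_of(url):
    """Lower-cased host of a URL, or '' when it has none."""
    return (urlparse(url).hostname or "").lower()

def audit_manifest(manifest, trusted=TRUSTED_HOSTS):
    """List the browser settings one extension manifest takes over."""
    overrides = manifest.get("chrome_settings_overrides", {})
    targets = []
    if "search_provider" in overrides:
        url = overrides["search_provider"].get("search_url", "")
        targets.append(("search engine", url))
    if "homepage" in overrides:
        targets.append(("home page", overrides["homepage"]))
    targets += [("startup page", u) for u in overrides.get("startup_pages", [])]
    findings = [f"{what} -> {host_of(url) or 'unknown'}"
                for what, url in targets if host_of(url) not in trusted]
    if "newtab" in manifest.get("chrome_url_overrides", {}):
        findings.append("new tab page replaced")
    return findings

def audit_extensions(manifest_texts):
    """Map extension name to findings; extensions with none are omitted."""
    report = {}
    for text in manifest_texts:
        manifest = json.loads(text)
        findings = audit_manifest(manifest)
        if findings:
            report[manifest.get("name", "<unnamed>")] = findings
    return report

# Constructed manifests, not real extensions; *.example hosts are placeholders.
SAMPLES = [
    '{"name": "Tab Helper", "version": "1.0", "permissions": ["tabs"]}',
    '{"name": "Quick Search", "version": "2.3", "chrome_settings_overrides": {'
    '"homepage": "http://start.search.example/", "search_provider": {'
    '"search_url": "http://find.search.example/?q={searchTerms}"}},'
    ' "chrome_url_overrides": {"newtab": "tab.html"}}',
    '{"name": "Yahoo Tools", "version": "1.1", "chrome_settings_overrides": {'
    '"search_provider": {"search_url": "https://search.yahoo.com/s?p={searchTerms}"}}}',
]

if __name__ == "__main__":
    for name, findings in audit_extensions(SAMPLES).items():
        print(f"{name}: {'; '.join(findings)}")
```

To use it on a real machine, pass `audit_extensions` the text of each installed extension's `manifest.json`; an extension that appears in the report and that you do not remember installing is a candidate for removal.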
How do you remove Fireball Malware from your PC?
Once you find the adware on your personal computer:
For Windows users:
- Go to the Programs and Features list in the Windows Control Panel,
- Hit uninstall for the compromised application.
For MacOS users:
- Use Finder,
- Locate the application, and
- Trash the file,
- Empty the trash to delete the compromised file.
However, there is a warning that users might not always find the program in the list.
- Users should scan and clean their machine with an anti-malware tool and an adware cleaner,
- Also go to your preferred browser,
- Check out the tools and extensions.
- Uninstall anything suspicious or anything you don’t remember installing in the first place.
This is a good time to review all extensions and add-ons in the browsers that you regularly use.
For Google Chrome users:
- Click the menu icon
- Select Tools and Extensions
- Remove suspicious add-ons.
For Internet Explorer users:
- Click the Settings icon,
- Select Manage Add-ons,
- Remove add-ons which seem malicious.
For Mozilla Firefox users:
- This is part of the Tools tab, and
- Once again remove any add-ons which you don’t remember installing,
- You can also disable malicious plugins from the settings.
For Safari users:
- Select Preferences, followed by the Extensions tab, then
- Uninstall any suspicious extensions.