Chinese Malware “Fireball” Infects 250 Million Computers

Recently, the WannaCry ransomware created a stir in the digital world. Before the dust from WannaCry had settled, another piece of malware has infected 250 million computers: Fireball.

Fireball is Chinese malware that has affected more than 20% of corporate networks. Its main infection centers are Brazil, India, and Mexico. According to the security firm Check Point, this is by far the largest malware attack in history.

How does Chinese Malware Fireball work?

The software works by generating fake clicks and traffic for its creator. The developer of this malware is a Beijing advertising firm called Rafotech. Once the software is installed, it redirects the user's browser to a mirror of the Google or Yahoo search homepage, which you might mistake for the real Google or Yahoo homepage. The fake pages collect your private search history and information using “tracking pixels.”

Fireball Infection Flow. Image by Check Point

The worst part of Fireball is that it can receive further instructions remotely. For instance, it can download more malicious software without your knowledge, and it can execute any malicious code on the infected machine. India is among the worst-affected countries, with more than 25 million PCs affected by this malware.

Goodness gracious, great Chinese 'Fireball' malware infects 250m systems worldwide https://t.co/cL0eXfNR8C
June 2, 2017 - @TheRegister

The second major hit took place in Brazil, with 9.65% of computers affected. Mexico has 16.1 million infected PCs, while the USA has 5.5 million infections. The malware creates fake search engine homepages, and 14 of these fake search engines are in Alexa's top 10000 list. This is what makes it worse.

How do you know if your PC is infected?

Fireball is installed alongside other applications, and users cannot uninstall it. Freeware products such as Soso Desktop, FVP Image viewer and others also install this malware on your desktop. There is one way to tell whether your PC is infected: look at your browser's default homepage and default search engine, and check all the browser extensions. Then check whether you can change the default search engine. If you cannot change it, the device is already affected by Fireball.
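
The homepage and search-engine check described above can be scripted; the following is an added example, not code from this article or from Check Point. It assumes the key names of a Chrome profile Preferences file (homepage, session.startup_urls, default_search_provider_data) and an expected-domain list chosen for illustration, and it runs on a constructed sample with made-up .example hosts. Hosts are matched by domain suffix rather than by substring, because a look-alike page can embed "google.com" or "yahoo.com" inside a different hostname.

```python
import json
from urllib.parse import urlsplit

# Domains this user expects to see; an assumption, adjust per environment.
EXPECTED_DOMAINS = {"google.com", "yahoo.com", "bing.com", "duckduckgo.com"}

# Constructed sample in the shape of a Chrome profile "Preferences" file.
SAMPLE = json.loads("""
{
  "homepage": "http://google.com.start-page.example/?src=hp",
  "session": {"restore_on_startup": 4, "startup_urls": [
      "https://www.google.com/", "http://yahoo-search.example/home"]},
  "default_search_provider_data": {"template_url_data": {
      "short_name": "Yahoo",
      "url": "http://search.yahoo.com.results.example/s?q={searchTerms}"}}
}
""")

def is_expected(host, domains=EXPECTED_DOMAINS):
    """True only if host is an expected domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def audit_preferences(prefs, domains=EXPECTED_DOMAINS):
    """Return (setting, url, host) for every setting on an unexpected host."""
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    candidates = [("homepage", prefs.get("homepage"))]
    candidates += [("startup_url", u) for u in prefs.get("session", {}).get("startup_urls", [])]
    candidates.append(("default_search", search.get("url")))
    findings = []
    for setting, url in candidates:
        if not url or url.startswith("{google:baseURL}"):
            continue  # unset, or Chrome's built-in Google template placeholder
        host = urlsplit(url).hostname or ""
        if not is_expected(host, domains):
            findings.append((setting, url, host))
    return findings

if __name__ == "__main__":
    for setting, url, host in audit_preferences(SAMPLE):
        print(f"unexpected {setting}: {host}  ({url})")
```

To audit a real profile, load its Preferences file with json.load and pass the result to audit_preferences.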

What to do to remove the Fireball malware?

Use an adware scanner. If your device is already affected, formatting your PC entirely is the best option. If you don’t want to format your device fully, go to the Programs and Features list in the Control Panel and uninstall the compromised application.

Mac users should use Finder to locate the application, move it to the Trash, and then empty the Trash to delete the file. Check Point also suggests that users scan and clean their devices with anti-malware and adware cleaners. Uninstall anything that you find suspicious. Review all the extensions and add-ons in Chrome, Internet Explorer and Mozilla Firefox. If you are using Safari, open Preferences, select the Extensions tab, and then uninstall any suspicious extensions.

Final Thoughts

Though Fireball is not a malware, considering the scale of damage it caused to its victims, it can be termed the biggest threat to the cyber security system. We hope that antivirus and security companies will soon release updates to block the Fireball program. The TNI team wishes you safe browsing and asks all its readers to stay away from unwanted installs.
