Earlier this month, threat intelligence researchers at Check Point discovered a high volume Chinese threat operation that has affected more than 250 million computers worldwide. This operation is being run by a large digital marketing agency based in Beijing called Rafotech. The malware, name “Fireball”, has two main functionalities. The primary use is the malware’s ability to hijack and manipulate the victim’s web browser to generate revenue by injecting advertisements for which Rafotech collects fees from traffic. After the ad injection, the users are redirected to either yahoo.com or google.com, but not before tracking pixels are deployed to collect users’ private information. The second, and potentially more harmful use of Fireball, is that once installed it can be used to drop other malware onto the infected system. Given the current statistics, this creates the potential for a massive cyber-security incident should this capability be leveraged for malicious purposes.
The top infected countries that are being affected by Fireball are India, which has about 25.3 million infections, and Brazil which has about 24.1 million infections. Fireball is another malware strain to add to the list of threats that business and individuals alike face. Just last month, the WannaCry ransomware attack struck more than 150 countries affecting over 200,000 computers. Make sure that you are keeping your computer and network updated to avoid any vulnerabilities. Below are some instructions to check if you have been infected with the latest Fireball malware. To check if your computer has been infected with the ‘Fireball’ malware, simply open your browser and check your homepage. If your homepage was not set by you, or you cannot change it to your preferred homepage, you may have the malware. Another sign that you have been hacked is if your default search engine is not one that you had set or if you have any suspicious browser plugins or extensions.
If you believe your business or organization may have been infected with the Fireball malware, contact a certified GraVoc Information Security specialist below or at (978) 538-9055.
Related articles
Change Healthcare Attack: Ransomware Protection Measures for Healthcare Organizations
In light of the Change Healthcare attack, we explore why hackers target healthcare and how healthcare can defend against ransomware.
GraVoc Recognized on CRN MSP 500 List for Second Year in a Row
For the second year in a row, GraVoc has been recognized on the CRN® MSP 500 list in the Pioneer 250 category!
PCI SAQ Types: Which SAQ is Right for Your Business?
In this blog post, we provide an overview of the SAQ types for PCI DSS v4.0 and how to select a PCI SAQ that’s right for your business.