Earlier this month, threat intelligence researchers at Check Point discovered a high-volume Chinese threat operation that has affected more than 250 million computers worldwide. This operation is being run by a large digital marketing agency based in Beijing called Rafotech. The malware, named “Fireball”, has two main functionalities. Its primary use is to hijack and manipulate the victim’s web browser to generate revenue by injecting advertisements, for which Rafotech collects fees from traffic. After the ad injection, users are redirected to either yahoo.com or google.com, but not before tracking pixels are deployed to collect users’ private information. The second, and potentially more harmful, use of Fireball is that once installed it can be used to drop other malware onto the infected system. Given the current statistics, this creates the potential for a massive cyber-security incident should this capability be leveraged for malicious purposes.
The countries most affected by Fireball are India, which has about 25.3 million infections, and Brazil, which has about 24.1 million infections. Fireball is another malware strain to add to the list of threats that businesses and individuals alike face. Just last month, the WannaCry ransomware attack struck more than 150 countries, affecting over 200,000 computers. Make sure that you are keeping your computer and network updated to avoid any vulnerabilities.

To check if your computer has been infected with the ‘Fireball’ malware, simply open your browser and check your homepage. If your homepage was not set by you, or you cannot change it to your preferred homepage, you may have the malware. Another sign that you have been hacked is if your default search engine is not one that you had set, or if you have any suspicious browser plugins or extensions.
If you believe your business or organization may have been infected with the Fireball malware, contact a certified GraVoc Information Security specialist below or at (978) 538-9055.