Earlier this month, threat intelligence researchers at Check Point discovered a high volume Chinese threat operation that has affected more than 250 million computers worldwide. This operation is being run by a large digital marketing agency based in Beijing called Rafotech. The malware, name “Fireball”, has two main functionalities. The primary use is the malware’s ability to hijack and manipulate the victim’s web browser to generate revenue by injecting advertisements for which Rafotech collects fees from traffic. After the ad injection, the users are redirected to either yahoo.com or google.com, but not before tracking pixels are deployed to collect users’ private information.  The second, and potentially more harmful use of Fireball, is that once installed it can be used to drop other malware onto the infected system.  Given the current statistics, this creates the potential for a massive cyber-security incident should this capability be leveraged for malicious purposes.

The top infected countries that are being affected by Fireball are India, which has about 25.3 million infections, and Brazil which has about 24.1 million infections.  Fireball is another malware strain to add to the list of threats that business and individuals alike face. Just last month, the WannaCry ransomware attack struck more than 150 countries affecting over 200,000 computers. Make sure that you are keeping your computer and network updated to avoid any vulnerabilities. Below are some instructions to check if you have been infected with the latest Fireball malware. To check if your computer has been infected with the ‘Fireball’ malware, simply open your browser and check your homepage. If your homepage was not set by you, or you cannot change it to your preferred homepage, you may have the malware. Another sign that you have been hacked is if your default search engine is not one that you had set or if you have any suspicious browser plugins or extensions.

If you believe your business or organization may have been infected with the Fireball malware, contact a certified GraVoc Information Security specialist below or at (978) 538-9055.

Fill out my online form.

Related articles