Since the spread of the WannaCry ransomware attack, the cyber security community has been doing whatever it takes to identify new threats against unsuspecting users. The latest discovery by security researchers is a threat to both Windows and Mac users.

Checkpoint has recently revealed new malware at large that goes by the name of “Fireball.” The malware has infected over 250 million computers worldwide so far and was created by a Chinese company in an attempt to generate revenue through forced browser advertising.

What is Fireball?

Fireball is essentially adware that has the potential to completely crash your system and allow the attacker to spy on your web browsing patterns. That is, it can spy on your search behavior and probably retrieve personal information and data.

However, Fireball, as experts claim, is far more dangerous because it is an advanced form of malware with backdoor Trojan capabilities. This means that the adware can be used to drop further malware, which can in turn be used to steal private information.

Researchers say that adware today has evolved significantly, and that this alone allows attackers to inject any malware into the victim’s computer without any hindrance.

How does it work?

Rafotech, the Chinese company behind this campaign, has been using the adware to redirect traffic to certain search engines and to advertise its products.

Essentially, the adware is simply used to inject advertisements into browsers, and it comes bundled with other downloadable software created by the company.

Hence, if you happen to install such free software, the adware gets into your system, where it can easily install various plug-ins in your browser and tamper with your browser’s settings in any way the attacker wants.

As such, it is likely that your home page will be different from the one you set, and you will not be able to change it either.

Your default search engines will be replaced with fake ones. These fake search engines will redirect you to Yahoo or Google whenever you type in a search query.

However, the primary purpose of the adware is to track your search behavior for advertising purposes. To do so, the adware uses a pixel tracking system to gather relevant information.

20 percent of corporate networks hacked

According to the most recent reports, 20 percent of the infected computers belong to large corporate networks in various countries. India has been affected the most, with 25.3 million infections found, while the U.S. is mildly hit with 5.5 million infections.

Over 250 million computers worldwide have been infected: specifically, 25.3 million infections in India (10.1%), 24.1 million in Brazil (9.6%), 16.1 million in Mexico (6.4%), and 13.1 million in Indonesia (5.2%). The United States has witnessed 5.5 million infections (2.2%), according to Checkpoint’s analysis.

How to find out whether your computer is infected and how to remove it?

Common signs indicating that your computer is infected include not being able to change your homepage and browser settings that differ from the ones you set as default.
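
The signs above (a changed homepage, a replaced search engine, unexpected plug-ins) can be checked against a known-good baseline. This is an added example, not code from the article or from Checkpoint; the key names assume a Chromium-style Preferences JSON layout, and every hostname, extension ID and baseline value is constructed.

```python
import json
from urllib.parse import urlparse

# Constructed sample modelled on a Chromium-style Preferences file.
# Key names are assumptions about that layout; all values are placeholders.
SAMPLE_PREFS = json.loads("""
{
  "homepage": "http://search.hijack.example/?src=hp",
  "session": {"startup_urls": ["http://search.hijack.example/start"]},
  "default_search_provider_data": {"template_url_data": {
      "url": "http://search.hijack.example/q={searchTerms}"}},
  "extensions": {"settings": {
      "aaaabbbbccccddddeeeeffffgggghhhh": {"manifest": {"name": "Helper Toolbar"}},
      "bbbbccccddddeeeeffffgggghhhhiiii": {"manifest": {"name": "Password Manager"}}}}
}
""")

# Constructed known-good baseline: hosts the user chose, extensions they installed.
BASELINE = {
    "hosts": {"www.google.com", "intranet.corp.example"},
    "extensions": {"bbbbccccddddeeeeffffgggghhhhiiii"},
}

def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()

def audit(prefs, baseline):
    """Return (setting, value) pairs that differ from the baseline."""
    findings = []

    def check(setting, url):
        if url and host(url) not in baseline["hosts"]:
            findings.append((setting, host(url)))

    check("homepage", prefs.get("homepage"))
    for url in prefs.get("session", {}).get("startup_urls", []):
        check("startup_url", url)
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    check("search_engine", search.get("url"))
    for ext_id, info in prefs.get("extensions", {}).get("settings", {}).items():
        if ext_id not in baseline["extensions"]:
            findings.append(("extension", info.get("manifest", {}).get("name", ext_id)))
    return findings

if __name__ == "__main__":
    for setting, value in audit(SAMPLE_PREFS, BASELINE):
        print(f"unexpected {setting}: {value}")
```
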

To remove almost any adware, follow these simple steps:

For Windows users:

  1. Uninstall the adware by removing the application from the Programs and Features list in the Windows Control Panel.

For Mac OS users:

  1. Use the Finder to locate the Applications
  2. Drag the suspicious file to the Trash.
  3. Empty the Trash.

Source: Checkpoint | Image Credit: Shutterstock/Picotan

Jahanzaib Hassan