June 5, 2017

‘Fireball’ Adware Installs Backdoor in a Quarter Billion PCs, say Researchers

Security researchers at Check Point have claimed that a single piece of adware is infecting as many as 250 million PCs worldwide.

Dubbed ‘Fireball’, the adware campaign is based on hijacking browsers to manipulate web traffic, changing the default search engine and tracking users’ web traffic. If that seems tame, the malware also has the means to run any code on a victim’s machine. That capability also enables it to download additional malware.

According to Wired, Maya Horowitz, head of the research team at Check Point, stated:

“A quarter-billion computers could very easily become victims of real malware. It installs a backdoor into all these computers that can be very, very easily exploited in the hands of the Chinese people behind this campaign.”

Upon monitoring the malware, the researchers discovered that it was tracking victim PCs’ web traffic on behalf of Rafotech, a digital marketing firm based in Beijing.

The adware is typically distributed with freeware, where additional programs can be bundled in without the user’s knowledge.

When installed on a machine, Fireball compromises the browser to redirect traffic from users’ search engines and home pages to a different search engine, a faux overlay of Google. This raises the theory that the developers behind the adware were intent on collecting ad revenue from web searches made through their search engine.

The adware also notably employs tracking pixels, tiny pixel-sized images loaded in the browser, to track users’ web activity.

Fireball, researchers say, has compromised 25 million PCs in India, 24 million in Brazil and 16 million in Mexico. In the US, Fireball has infected 5.5 million PCs, with 10 percent of US corporations affected. A similar percentage of corporations in France, Germany and the UK are thought to have at least one Fireball-infected machine in their infrastructure, leaving the door ajar for a more destructive malware attack.

A simple way to uninstall the program is by heading to ‘Programs and Features’ in the Windows Control Panel. A general rule of thumb is to pay attention to any search engine redirects and to uninstall the extension, add-on or software causing them, before running a complete antivirus scan.


About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
