After Judy, Fireball malware infects over 250 million computers
01:34AM Sun 4 Jun, 2017
The Fireball malware has reportedly infected more than 250 million computers worldwide. It can take control of internet browsers, spy on victims’ web use and steal personal files.
According to a blog post by Check Point, a cybersecurity firm, the operation is linked to Rafotech, a Chinese firm that claims to provide digital marketing and game apps to 300 million customers. It is allegedly using Fireball to manipulate victims’ browsers, change search engines, and steal user data.
Setting aside any question of legitimacy, Fireball has the ability to run code, download files, install plug-ins, change computer configurations, spy on users and even act as an efficient malware dropper.
As per a report by IBT, the software cannot be uninstalled and can hide its true nature.
“It doesn’t take much to imagine a scenario in which Rafotech decides to harvest sensitive information from all of its infected machines,” the Check Point team wrote.
“The full distribution of Fireball is not yet known, but it is clear that it presents a great threat to the global cyber-ecosystem. With a quarter billion infected machines and a grip in one of every five corporate networks, Rafotech’s activities make it an immense threat,” it says.
Check whether your system is clean
There are many ways to check if your system is infected with Fireball malware. First, open your internet browser and check if you are able to change it to another one such as Chrome, Firefox or Explorer. Secondly, check your default search engine and ensure that it can also be changed. Finally, scan all your browser extensions.
“If you are unable to modify the options this is a sign that you’re infected with adware,” Check Point said.
How to remove Fireball malware
Fireball may be removed from PCs by uninstalling the adware from Programs and Features in the Windows Control Panel, or by using the Mac Finder function in the Applications folder on Apple devices. All impacted users should restore their internet browser to default settings.