Security researchers have discovered a massive malware campaign that has already infected more than 250 million computers worldwide, both Windows and Mac OS machines, along with 20% of corporate networks globally. A Chinese digital marketing company named Rafotech is behind this malware.
Dubbed Fireball, the malware is an adware package that takes complete control of victims’ web browsers and turns them into zombies, potentially allowing attackers to spy on victims’ web traffic and steal their data.
However, Fireball can also be turned into a fully functioning malware downloader, and it is capable of executing any code on victim machines. That means it can carry out a wide range of actions, including stealing credentials and loading ransomware.
For now, it seems focused on adware. Fireball manipulates victims’ browsers and replaces their default search engines and home pages with fake search engines, which simply redirect the queries to either yahoo.com or Google.com to generate ad revenue. According to Alexa’s web traffic data, 14 of these fake search engines are among the top 10,000 websites, with some of them occasionally reaching the top 1,000. Fireball also installs plug-ins and additional configurations to boost its advertisement activity. Fireball has turned out to be virulent, with an enormous infection rate. The largest share of infections is in India, Brazil and Mexico, and there are more than 5.5 million in the US.
The good news is that Fireball can be removed from PCs by uninstalling the adware using the Programs and Features list in the Windows Control Panel, or, on Macs, by using the Finder function in the Applications folder.
Max Total Security for Windows and Mac Total Security detect and remove this malware.