From WannaCry to XData. From XData to Judy. Now, from Judy to Fireball: outbreaks of malware have gradually become more frequent than researchers would like. Fireball is a Chinese malware variant that can be described as a combination of adware and a browser hijacker. The infection modifies browsers’ preferences and assigns a rogue search engine, which is the behavior of a browser hijacker. However, the malware also prepares to take control of users’ web traffic for the purpose of increasing ad revenue. This means that the number of online promotions will significantly increase and constantly disrupt your online sessions.
Check Point researchers have indicated that Rafotech is using Fireball for its own financial benefit, but the company denies such accusations. However, 250 million affected computers would suggest otherwise. The parasite is reported to be capable of monitoring users’ activity and collecting their personally identifiable information.
The company could exploit these confidential details for future fraud. Victims could suffer from identity theft, financial losses or infections with additional malware samples. As it appears, Fireball could aim not only to generate revenue from ads, but also to deliver malicious samples.
Rafotech is a familiar name: we have written multiple articles about the rogue search engines that this company has produced. Mobsearches.com, FullSearching.com and Mystart.dealwifi.com are among the examples that could invade your browsers. The leading target of this malware is computer devices in India, where there are currently 25.3 million affected devices. India and Brazil are running neck and neck, as the latter country has 24.1 million compromised systems. Of course, this is not a competition, and countries would be pleased to see the number of infected devices at zero.
Other countries affected by Fireball malware include Mexico, Indonesia and the United States. Apparently, not a single country in Europe was targeted. There are a couple of features that indicate an infection with Fireball. One of them is the modification of your browsers’ preferences. Victims will be redirected to a rogue search engine by Rafotech. This site will also be set as the browsers’ home page, default search provider and new tab page. Additionally, the number of advertisements you normally see will double, if not triple.
It is astonishing that Fireball has managed to infect such a high number of computer devices. If you are from the countries mentioned earlier, please check your browsers’ preferences. If they are redirecting you to unknown search engines, you should not hesitate to remove the infection. Since the virus is capable of distributing other malware samples, we advise you to make the elimination process a top priority right now. As long as such an unknown search engine and its parasite remain on your system, avoid visiting domains that require your credentials or online banking information.
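The preference check described above can be scripted. The following is an added example, not part of the original article: it scans a JSON preferences document and a Firefox-style `prefs.js` text for home page or search URLs whose host is one of the Rafotech domains named in this article. The function names and the sample preference data are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Search-engine domains this article attributes to Rafotech.
ROGUE_DOMAINS = {"mobsearches.com", "fullsearching.com", "mystart.dealwifi.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>|]+", re.I)  # '|' separates multiple home pages

def is_rogue(url):
    """True if the URL's host is a listed domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ROGUE_DOMAINS)

def scan_json_prefs(text):
    """Walk a JSON preferences document; return (key path, url) for each hit."""
    hits = []
    def walk(node, path):
        if isinstance(node, dict):
            for k, v in node.items():
                walk(v, f"{path}.{k}" if path else k)
        elif isinstance(node, list):
            for i, v in enumerate(node):
                walk(v, f"{path}[{i}]")
        elif isinstance(node, str):
            hits.extend((path, u) for u in URL_RE.findall(node) if is_rogue(u))
    walk(json.loads(text), "")
    return hits

def scan_prefs_js(text):
    """Scan Firefox-style user_pref("name", "value"); lines for listed hosts."""
    hits = []
    for name, value in re.findall(r'user_pref\("([^"]+)",\s*"([^"]*)"\);', text):
        hits.extend((name, u) for u in URL_RE.findall(value) if is_rogue(u))
    return hits

# Constructed sample data (not taken from a real infection).
SAMPLE_JSON = json.dumps({
    "homepage": "http://mobsearches.com/?src=hp",
    "session": {"startup_urls": ["https://www.example.org/",
                                 "http://mystart.dealwifi.com/"]},
    "note": "https://notfullsearching.com/ is a different host",
})
SAMPLE_PREFS_JS = ('user_pref("browser.startup.homepage", '
                   '"http://www.fullsearching.com/|https://example.org/");\n')

if __name__ == "__main__":
    for where, url in scan_json_prefs(SAMPLE_JSON) + scan_prefs_js(SAMPLE_PREFS_JS):
        print(f"rogue search engine in {where}: {url}")
```

Matching on the parsed hostname rather than a substring keeps look-alike hosts such as `notfullsearching.com` from being flagged, while still catching subdomains of the listed domains.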
Source: darkreading.com