After WannaCry and Judy malware, it's time for Fireball malware

Nothing is ideal; you are always vulnerable! The recent malware WannaCry and Chef Judy, along with the vulnerabilities in streaming applications, are trending over the internet. Within no time, Check Point has identified a new malware called Fireball. Check Point states that the infection campaign was initiated by a Beijing-based digital marketing agency called Rafotech. The campaign has affected 250 million computers across the globe.
Fireball Malware
What can Fireball do?
Fireball is adware that takes over the target's web browser. Like Judy malware, Fireball clicks on targeted ads. The more alarming part is that Fireball can leak all the data the target accesses over the internet, breaking data security in every possible way. The malware injects new advertisements on the target device and redirects searches to harvest confidential data from the user. The most likely way to get infected is by installing web browser plugins from unknown sources. Even plugins available from the respective browsers' stores are not always verified, and that verification does not provide 100% safety in any case. It is the user's responsibility to check twice before installing a plugin.
Infection flow of Fireball malware:

  • The Fireball malware spreads in two ways: through Rafotech's own products, and through browser hijackers bundled by freeware distributors.
  • Once installed by either route, it starts manipulating the browsers available on the victim's computer. The user's home page and default search engine are changed to a Rafotech search engine, so all search queries are redirected away from the normal search engines. In simple words, everything you search is rerouted to a search engine of the attacker's choosing.
  • Later, confidential information such as passwords and PINs is sent to the attacker, putting the user's personal data at risk.
  • The malware can be dropped by the user explicitly, or the attacker may drop it implicitly as part of the attack.


Fireball Infection Flow
Image source: wccftech
Check Point's advice to stay safe!
Check Point suggests that users uninstall all suspicious plugins from their browsers and verify the ones that remain. Users should also review their installed programs and uninstall any malware-related or unknown applications to get rid of the Fireball malware.
Users are advised to verify twice before installing any application or plugin from an unknown source.
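The two signs described above, a hijacked home page or default search engine and an unexpected browser plugin, can both be checked from a Chromium-based browser's profile settings. The script below is an added example written for this article, not Check Point's tool or any code from the Fireball campaign. It assumes the layout of Chromium's `Preferences` JSON file (the `homepage`, `session.startup_urls`, `default_search_provider_data.template_url_data` and `extensions.settings` keys, with `from_webstore` and `manifest.name` per extension); the embedded sample profile, the `hijacked-search.example` host and the extension IDs are constructed for the demonstration.

```python
import json
import sys
from urllib.parse import urlparse

# Constructed sample of a Chromium "Preferences" file (subset of keys). The key
# names follow Chromium's layout as assumed above; the values are made up so
# the audit has something to flag offline.
SAMPLE_PREFS_JSON = r"""
{
  "homepage": "http://hijacked-search.example/?src=hp",
  "homepage_is_newtabpage": false,
  "session": {"startup_urls": ["http://hijacked-search.example/"]},
  "default_search_provider_data": {
    "template_url_data": {
      "keyword": "hijacked-search.example",
      "url": "http://hijacked-search.example/search?q={searchTerms}"
    }
  },
  "extensions": {
    "settings": {
      "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
        "from_webstore": true,
        "manifest": {"name": "Corporate Password Manager", "version": "3.1.0"}
      },
      "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
        "from_webstore": false,
        "path": "C:\\Users\\victim\\AppData\\Local\\Temp\\bundle_ext",
        "manifest": {"name": "Search Helper", "version": "1.0"}
      }
    }
  }
}
"""

# Search hosts the organisation expects to see; anything else is suspicious.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}
# Extension IDs approved for use (constructed placeholder ID).
ALLOWED_EXTENSION_IDS = {"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}


def _host(url):
    """Return the hostname of a URL, or '' if it has none."""
    return urlparse(url).hostname or ""


def audit_preferences(prefs, expected_hosts=EXPECTED_SEARCH_HOSTS,
                      allowed_ids=ALLOWED_EXTENSION_IDS):
    """Return a list of (finding_kind, detail) tuples for a parsed Preferences dict."""
    findings = []

    # 1. Home page and start-up pages pointing at an unexpected host.
    homepage = prefs.get("homepage", "")
    if homepage and _host(homepage) not in expected_hosts:
        findings.append(("homepage", homepage))
    for url in prefs.get("session", {}).get("startup_urls", []):
        if _host(url) not in expected_hosts:
            findings.append(("startup_url", url))

    # 2. Default search provider rerouting queries to an unexpected host.
    tpl = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    search_url = tpl.get("url", "")
    if search_url and _host(search_url) not in expected_hosts:
        findings.append(("default_search", search_url))

    # 3. Extensions that are not on the allow-list, or were sideloaded
    #    (installed from outside the browser's store).
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        name = ext.get("manifest", {}).get("name", "<unknown>")
        if ext_id not in allowed_ids:
            findings.append(("unlisted_extension", f"{ext_id} ({name})"))
        if not ext.get("from_webstore", False):
            findings.append(("sideloaded_extension",
                             f"{ext_id} ({name}) path={ext.get('path', '?')}"))
    return findings


def audit_file(path):
    """Audit a real Preferences file from disk."""
    with open(path, encoding="utf-8") as fh:
        return audit_preferences(json.load(fh))


def audit_sample():
    """Audit the constructed sample profile embedded above."""
    return audit_preferences(json.loads(SAMPLE_PREFS_JSON))


if __name__ == "__main__":
    # Usage: python audit_prefs.py [path/to/Preferences]; defaults to the sample.
    results = audit_file(sys.argv[1]) if len(sys.argv) > 1 else audit_sample()
    for kind, detail in results:
        print(f"[{kind}] {detail}")
    sys.exit(1 if results else 0)
```

Run it against a copy of the profile's `Preferences` file while the browser is closed (Chromium rewrites the file on exit, so a live read may be stale). A non-empty report is a prompt to look at the flagged extension and reset the home page and search engine, which is exactly the manual check the advice above asks users to perform.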