02 Jun 2017
Corporate computers and networks beware! Fireball, a new Chinese malware, has already infected 20% of corporate networks and 250 million computers around the world.
Fireball is a browser hijacker. It can reset your homepage and change your default search engine. That may sound like nothing more than an annoyance, but it includes a tracking pixel that can collect your data. It goes beyond that, though, creating a backdoor to allow the execution of code and the download and distribution of more malware.
The culprit behind this mass infection is Rafotech, a digital marketing company out of Beijing. They’re using it to change homepages to their website and to collect people’s data. While those actions are relatively tame, Fireball leaves the door open for a lot of abuse.
It’s not yet known how the malware has become so pervasive, but Fireball is bundled with Rafotech software and can be unwittingly installed with downloadable freeway. 5.5 million instances of it have been found in the US. Of all the business networks affected, US business networks make up almost 11%. India and Brazil have been hardest hit, with 43% and 38% respectively.
If your homepage has inexplicably changed and/or you’re having a hard time changing it, it could be a sign of Fireball infection. You should also look to make sure your default search engine is the one you set it to and if there are any browser extensions you don’t recognize. If you suspect you’ve been hit with Fireball or any other sort of malware, give us a call.