Chinese "Fireball" malware infects almost 250 million computers

The malware, developed by a Chinese digital marketing company, hijacks the victim's browser and can then steal their private information or install additional malware. (Source: Check Point Threat Intelligence)
Chinese company Rafotech has been found to be responsible for the current epidemic of the "Fireball" malware, which has affected nearly 250 million computers worldwide. Fireball is usually installed by piggybacking on the installer of software the user actually wants; it then hijacks the user's browser and can proceed to do anything from spying to dropping additional malware.

The furor over the recent spate of cyberattacks, such as the much reviled ‘Wanna Cry Ransomware’ debacle, has barely subsided, and yet another potential mass threat with great potential for mischief and mayhem has surfaced.

Cyber security company Check Point Software Technologies’ Threat Intelligence and various research teams have discovered a rootkit-like malware of Chinese origin named ‘Fireball’ that can hijack browsers as well as install plugins and other software on target machines to extend its capabilities.

At present, its main purpose seems to be driving traffic to specific websites in order to generate ad revenue. According to the researchers, Fireball seems to be serving the business and traffic monitoring needs of Rafotech, a sizable digital marketing agency operating out of Beijing, China.

It replaces browser homepages and redirects to fake search engines riddled with tracking pixels, which monitor and track the infected machine and relay back vital statistics and personal information. What makes Fireball potentially much more dangerous is that it can easily install other software on an infected machine, which opens up a Pandora's box with more sinister implications.

Another particularly alarming fact about Fireball is that the estimated number of infected machines is put at a whopping 250 million, and that includes machines in corporate networks. As for the geographical spread of the infections, according to Check Point’s global sensors, India, Brazil, Mexico and Indonesia rank very high. Among corporate networks, hit rates in the US and even China are dangerously high.

As for protection measures: as always, prevention is better (and much easier) than the cure. Extreme care should be taken when installing any dubious freeware or plugins whose exact origin and purpose are not known, and all security software and operating systems should always be updated in a timely manner.

Hassan Arshad Chattha, 2017-06-04 (Update: 2017-06-04)