After WannaCry ransomware, Fireball malware hits India: How to protect your devices
- Fireball hijacks browsers.
- It is capable of executing any code on the victim machines.
- 250 million computers across the world have been infected, out of which 25.3 million infections are in India.
"Fireball is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware," the Check Point blog post explains.
The malware is said to be capable of remotely running any code on the victim's system and also of downloading malicious files. 250 million computers across the world have been infected, out of which 25.3 million infections are in India. India is among the top three infected nations, along with Indonesia and Brazil.
"According to our analysis, over 250 million computers worldwide have been infected: specifically, 25.3 million infections in India (10.1%), 24.1 million in Brazil (9.6%), 16.1 million in Mexico (6.4%), and 13.1 million in Indonesia (5.2%). The United States has witnessed 5.5 million infections (2.2%)," the Check Point blog post states.
Rafotech, the Chinese company, uses Fireball to manipulate the victims' browsers. Their default search engines and home pages are replaced with fake search engines, and queries are redirected to either yahoo.com or Google.com. The fake search engines contain tracking pixels that collect users' private information. Fireball can then spy on victims, execute any malicious code and eventually create big security flaws in the targeted machines and networks.
How users can check whether their browsers are infected, and what they can do to protect their systems:
According to Check Point, to check whether their systems are infected, users need to open their web browser. It further explains, "Was your home-page set by you? Are you able to modify it? Are you familiar with your default search engine and can modify that as well? Do you remember installing all of your browser extensions? If the answer to any of these questions is “NO”, this is a sign that you’re infected with adware. You can also use a recommended adware scanner, just to be extra cautious."
To remove the malware, users will have to uninstall the suspicious apps from the Programs and Features list in the Windows Control Panel. Mac OS users will have to use Finder to locate the applications, and then drag the suspicious ones into the Trash. It is advised to scan and clean your systems with an adware cleaner and an anti-malware tool.
Users will also have to remove the add-ons and extensions from their browser. Depending on the browser they are using (Chrome, Safari, Firefox or others), there will be an option under Settings to remove the add-ons.