Fireball: Security researchers have discovered a new huge malware campaign that has infected more than 250 millions of computers worldwide, Windows and Mac OS.
The malware is called Fireball and is an adware package that takes full control of the victim's browser programs by turning them into zombies. This allows attackers to spy on the victim's web traffic and possibly steal their data.
Check Point researchers, who discovered this massive malware campaign, linked the company with Rafotech, a Chinese company that claims to offer digital marketing and game applications to 300 millions of customers.
The company uses currently Fireball to monetize by injecting ads into browsers. This particular malware can quickly transform and cause a massive disaster with major cyber incidents worldwide.
Fireball is accompanied by other free software downloads from the Internet. Once installed, the malicious program installs plugins into the browser so it can manage it. It immediately begins by replacing default search engines and home pages with bogus ones such as trotux [dot] com.
"It is important to remember that when a user installs free software, it does not mean that they are installing additional malware at the same time," say the researchers. "It is possible that Rafotech is using additional distribution methods, such as distributing free software under false names, or spam."
The fake search engine simply redirects the victim's queries to either Yahoo.com or Google.com and includes pixels monitoring that collect the victim's information.
Fireball is not legal and can spy on the victim's web traffic. It can run any malicious code on infected computers, install plug-ins, or run cost-effective malware that creates huge security flaws in targeted systems and networks.
"From techniqueIn this regard, Fireball exhibits excellent cloaking and qualitative evasion techniques, multi-layered structure, and flexible communication with C&C, just like a typical malware does,” the researchers report.
The Fireball adware hijacks users' web traffic to boost its owners' revenue from advertisements, but at the same time it also has the ability to distribute additional malicious programs.
"Based on the estimated contamination rate, one in five companies worldwide are vulnerable to a major breach," the researchers added.
