The “WannaCry” ransomware emerged last month, infecting over 250,000 computers and spreading across 150 countries. That attack was barely under control when yet another piece of malware infected millions of Mac and Windows devices.
According to a report published by security firm Check Point, Fireball has infected one of every five network companies.
The report reveals that Fireball has infected 25.3 million users (10.1%) in India, 24.1 million (9.6%) in Brazil, 16.1 million (6.4%) in Mexico, and 13.1 million (5.2%) in Indonesia.
Surprisingly, the team behind the attack doesn’t belong to any hacking group; the mastermind behind the spread of the Fireball malware is a Chinese digital marketing company. Check Point claims in the report that Rafotech, a digital marketing company, is behind the attack.
Rafotech uses Fireball to manipulate victims’ browsers, turning their default search engines and home pages into fake search engines. These redirect queries to either yahoo.com or Google.com. The fake search engines include tracking pixels used to collect users’ private information.
Rafotech ‘secretly’ installs Fireball on the user’s computer using a hidden monetization method known as bundling. “Once Fireball is installed on a device, Rafotech can manipulate the browser and it can change the default search engine by replacing the main page of the browser with a fake search engine.”
The fake search engine can be used to track and collect users’ personal information. Fireball also tricks users into installing plugins that increase advertising revenue for Rafotech.
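The hijack described above leaves traces in the browser profile: a home page, startup URL or default search template pointing at an unexpected host. The following added example (not from Check Point's report) audits a profile for that; the key layout is modelled on a Chromium "Preferences" file, and the allowlist and sample data are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Assumption: hosts the organisation accepts as home page / search provider.
ALLOWED_HOSTS = {"google.com", "yahoo.com", "bing.com", "duckduckgo.com"}

# Constructed sample profile; "hijack-example.test" is a placeholder host.
SAMPLE_PREFS = json.dumps({
    "homepage": "http://search.hijack-example.test/",
    "session": {"startup_urls": ["https://www.google.com/",
                                 "http://search.hijack-example.test/start"]},
    "default_search_provider_data": {"template_url_data": {
        "short_name": "Web Search",
        "url": "http://search.hijack-example.test/?q={searchTerms}"}},
})

def host_allowed(url):
    """True if the URL's host is an allowed host or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)

def audit_prefs(prefs_text):
    """Return (setting, url) pairs whose host is not on the allowlist.

    Entries with no parseable host are also returned for manual review.
    """
    prefs = json.loads(prefs_text)
    candidates = [("homepage", prefs.get("homepage", ""))]
    for url in prefs.get("session", {}).get("startup_urls", []):
        candidates.append(("startup_url", url))
    search = prefs.get("default_search_provider_data", {}) \
                  .get("template_url_data", {})
    candidates.append(("default_search", search.get("url", "")))
    return [(name, url) for name, url in candidates
            if url and not host_allowed(url)]

if __name__ == "__main__":
    for name, url in audit_prefs(SAMPLE_PREFS):
        print(f"unexpected {name}: {url}")
```

A look-alike host such as `google.com.hijack-example.test` is still flagged, because the check matches the end of the hostname rather than a substring.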
Check Point further explains in the report:
As with everything in the internet, remember that there are no free lunches. When you download freeware, or use cost-free services (streaming and downloads, for example), the service provider is making profit somehow. If it’s not from you or from advertisements, it will come from somewhere else.
Fireball has two main functions: first, it can run any code on the infected computer and download files or malware; second, it manipulates the web traffic of affected users to generate revenue from ads.
Although Fireball is not as big a threat as the WannaCry ransomware, it is still significantly dangerous. According to Check Point, Fireball is very sophisticated. With its ability to run any code on the infected device, it can steal important information without being noticed by the user.