Fireball Malware Hits 250 Million PCs Worldwide: How to Stay Safe


A new strain of malware, dubbed Fireball,  has been identified which has already infected north of 250 million computers worldwide and uses the infected device’s browser to forward the attacker’s goal.

The Fireball malware infects the attacked PCs browser which can then be used either to download additional malware or generate ad revenues via automated clicks.

According to a security report by CheckPoint, the malware has originated in China and is being run by a Beijing-based digital marketing agency — Rafotech.

The top two infected countries are India and Brazil with 25.3 and 24.1 million infected PCs, respectively.

“Fireball installs plug-ins and additional configurations to boost its advertisements, but just as easily it can turn into a prominent distributor for any additional malware,” the security researchers stated.

Although currently the Fireball malware is being currently used to generate ad revenue through fake clicks, it has the potential to give the attacker full access to your machine.

So much so, the attacker can spy on the infected PC, mine data from it and execute malicious code — in a way, the malware gives control of the PC to the attacker.

“Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code in the infected machines, this creates a massive security flaw in targeted machines and networks,” the report added.

The malware switches the homepage of the infected computer’s browser into a Yahoo or Google lookalike fake search engine. These fake search engines also collect users’ information using tracking pixels.

In addition to India (10.1%) and Brazil (9.6%), the Chinese malware has also hit computers in Mexico (6.4%), Indonesia (5.2%) and USA (2.2%).

How to Check If Your PC is Infected?


The most straightforward way to check if your PC is infected is to open your web browser and check the homepage.

Is the search engine on the homepage something that you didn’t set? Are you unable to customise the search engine? And are there any browser extensions that you didn’t install?

If any of the above can be answered in affirmative, then you need to start getting worried.

“We believe that although this is not a typical malware attack campaign, it has the potential to cause irreversible damage to its victims as well as worldwide internet users, and therefore it must be blocked by security companies,” the security report concluded.

How to Remove the Malware?

Darker = More Heavily Infected (CheckPoint)

Windows users can try finding the adware via the Programs list in the Control Panel and uninstall it from there. Mac users can similarly locate the adware using the Finder and Trash the file.

However, there is a chance that the malicious programme can not be found using the program list, then you need to run a malware and adware scan on your PC.

Another thing to check is the extensions or add-ons on your web browsers and remove any that you don’t remember installing or suspect of being an adware.

You can also try resetting your browser and restore all the settings to default, getting rid of any add-ons and data in your browser cache.

Also See
#malware #security

Join the newsletter


Written By


Bike enthusiast, traveller, ManUtd follower, army brat, word-smith; Delhi University, Asian College of Journalism, Cardiff University alumnus; a journalist breathing tech these days.