5 Warning Signs of a Fireball Malware Infection - iCorps

Fireball, a browser-hijacking malware, has infected 250 million computers worldwide and 5.5 million systems here in the United States. Approximately 9% of US corporate networks are currently affected by the Fireball adware... and don't even know it. Read on to learn what this potentially devastating threat could mean for your company and how to look out for warning signs that you've been infected.

What We Know So Far

  • The malware is allegedly spread by Rafotech, an illegitimate Chinese digital marketing firm. 
  • Fireball takes over browser settings such as your default search engine, and installs various plugins that drive ad revenue for Rafotech.
  • Myth-busting fact: both Windows AND Mac browsers are affected (sorry, Apple lovers). 
  • It is mostly spread through "bundling," which means the malware attaches itself to programs during user installation.
  • Since Fireball is not a true virus, the program cannot be detected by anti-virus software. However, it can be found and uninstalled.

Check out the flow chart below to get a better sense of how machines are infected by Fireball:

[Figure: Fireball infection flow chart. Source: Check Point]

So far, this fast-moving malware has spread to over 20% of corporate networks worldwide in a very short amount of time. While losing control of your browser settings is a nuisance, the real threat lies in the power of this particular malware once it gains access to your machine. Fireball has the capacity to spy on its victims, efficiently drop more malware, and steal sensitive information, endangering businesses and individuals on a global level.


5 Warning Signs You Might be Infected

  1. Homepage settings. Your browser homepage was not set by you and cannot be modified.
  2. Search engine. Was your search engine Google, and now it's switched to Bing? If your default search engine has changed and you can't change it back, that is a telling symptom of Fireball. 
  3. Browser extensions. If you notice strange icons in your browser extensions, this is likely a direct result of the Fireball malware taking control of your machine, adding programs that you may struggle to delete.
  4. Pop-up advertisements. No one likes pop-up advertisements, especially when you are trying to be productive during the work day. If you've noticed an influx of unnecessary pop-up ads, it may be time to look more closely at the issue.
  5. Performance issues. A poorly performing PC is frustrating and can slow down anyone's day. While there are any number of reasons for a slow machine, it is very possible that the issue is Fireball malware, particularly if the issue does not clear up by rebooting the machine, clearing the cache, etc.
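
The first three signs can be checked mechanically by comparing a browser profile against what IT provisioned. The sketch below is an added example, not from the original article or from Check Point; the baseline values, the sample profile, and the Chromium-style key layout it reads are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed baseline: what IT provisioned for this (hypothetical) fleet.
BASELINE = {
    "homepage_host": "intranet.example.com",
    "search_host": "www.google.com",
    "extension_ids": {"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"},
}

# Constructed sample profile, laid out like a Chromium-style Preferences file.
SAMPLE_PREFS = json.dumps({
    "homepage": "http://search.unexpected.example/?src=hp",
    "default_search_provider_data": {"template_url_data": {
        "url": "http://search.unexpected.example/q={searchTerms}"}},
    "extensions": {"settings": {
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"state": 1},
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"state": 1},
    }},
})

def host(url):
    """Return the lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()

def audit_prefs(prefs_json, baseline):
    """Return (sign, detail) findings for settings that drifted from baseline."""
    prefs = json.loads(prefs_json)
    findings = []
    # Sign 1: homepage not set by the user or IT.
    hp = host(prefs.get("homepage", ""))
    if hp and hp != baseline["homepage_host"]:
        findings.append(("homepage", hp))
    # Sign 2: default search engine switched. A missing entry is skipped.
    search = (prefs.get("default_search_provider_data", {})
                   .get("template_url_data", {}).get("url", ""))
    sh = host(search)
    if sh and sh != baseline["search_host"]:
        findings.append(("search_engine", sh))
    # Sign 3: extensions nobody approved.
    installed = prefs.get("extensions", {}).get("settings", {})
    for ext_id in sorted(set(installed) - baseline["extension_ids"]):
        findings.append(("extension", ext_id))
    return findings

if __name__ == "__main__":
    for sign, detail in audit_prefs(SAMPLE_PREFS, BASELINE):
        print(f"{sign}: unexpected value {detail}")
```

A finding here only means the setting differs from the baseline; it still needs a person to confirm whether the change was intentional.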

Since Fireball has primarily been spread through bundling, remember to take precautions when installing free software and make sure to uncheck any optional installs that look unfamiliar. You should also take steps to scrub your system with anti-malware software and be on the lookout for the warning signs listed above. Cyber crime has become a multi-billion-dollar industry, and any form of malware should be taken seriously and dealt with proactively. We stress the importance of employee education to protect your company from growing threats like this Fireball malware, spear phishing and ransomware.

Unlike last month’s disastrous WannaCry ransomware attack, which alerted its victims immediately by encrypting data, the insidious nature of Fireball means it could go almost unnoticed. However, while the overall danger level of Fireball has been declared low (for now), infected machines and networks are still at a greater security risk, and their owners should stay aware of this potential threat.

If cybersecurity is a priority for your company, check out these 3 Tools to Boost Your Cybersecurity Posture. 
