Security firm Check Point has discovered a Chinese malware operation that has infected millions of computers worldwide.

The malware, dubbed Fireball, may have already burned its mark on more than 250 million computers and can be found in 20 percent of corporate networks.

Fireball Outbreak: Here's What It Can Do

According to Check Point, Fireball is capable of taking over internet browsers and has two main functions.

The first function of Fireball is to run code that launch unauthorized tasks on infected computers, including downloading files and more malware. The second purpose is to hijack and manipulate the web traffic of the user's internet browser to generate advertising revenue for the attacks.

Fireball is run by Beijing-based digital marketing agency Rafotech, which uses the malware to manipulate the browsers of victims. The default search engines and home pages of compromised browsers are changed to fake search engines that redirect the queries to legitimate ones but come with tracking pixels that can collect the private information of users. Currently, Fireball installs plug-ins to boost Rafotech's advertisements, generating fake clicks and internet traffic.

The security threat of Fireball is further increased because it can spy on its victims, efficiently drop malware into systems, and execute malicious codes on compromised computers. As such, Rafotech, or hackers who find a way to take control of Fireball, could repurpose the malware from an advertising traffic booster into something more dangerous. Other possible uses for Fireball include collecting user information to sell to the black market and harnessing the compromised computers into a worldwide botnet.

Fighting Back Against Fireball

The major infection centers of Fireball are Brazil, India, and Mexico, but there are already 5.5 million infections detected in the United States. In addition, 10.7 percent of corporate networks in the United States have been infiltrated by Fireball.

For users to check if Fireball is present in their computer, they should first launch their internet browser. If the homepage was not set by the user or if it could not be modified, then it could be a sign that Fireball has compromised the system. Other signs that Fireball has infected the computer are if the default search engine is unfamiliar and could not be modified and if there are some unfamiliar browser extensions.

In such cases, users are recommended to launch a trusted antivirus program and run an adware removal tool. This should eliminate all traces of Fireball, which is mostly distributed by being packaged with free software.

According to Check Point research team head Maya Horowitz, all users are highly recommended to check if their computers are infected by Fireball and to take action if they are.

"Something behind this is fishy, and the intentions of the developers aren't only to monetize on advertisements," Horowitz said, adding that Rafotech has the ability to take Fireball to the next level whenever they want.

The news on Fireball comes just after Check Point discovered the Judy malware, which has infected up to 36.5 million Android devices. Even innocuous subtitle files are no longer safe from hackers, with the memory of the WannaCry ransomware still fresh on the minds of users.

ⓒ 2021 All rights reserved. Do not reproduce without permission.