New Delhi: A Chinese malware named ‘Fireball’ has hit 25 crore computers worldwide, infecting them with malicious code designed to change the default search engine. The malware further tracks the infected computer’s web traffic on behalf of a Beijing-based digital marketing firm called Rafotech. The malware also has the ability to remotely run any code on the victim’s machine.
The installed malware, Fireball, takes over target browsers and turns them into zombies. Fireball has two main functionalities: the ability to run any code on victim computers, including downloading any file or malware, and the ability to hijack and manipulate infected users’ web traffic to generate ad revenue. Currently, Fireball installs plug-ins and additional configurations to boost its advertisements, but it can just as easily turn into a prominent distributor for any additional malware.
Rafotech uses Fireball to manipulate the victims’ browsers and turn their default search engines and home pages into fake search engines.
These fake search engines redirect the queries to either yahoo.com or Google.com. They include tracking pixels used to collect the users’ private information. Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code on the infected machines; this creates a massive security flaw in targeted machines and networks.