Fireball Browser Hijack

Fireball is a form of malware orchestrated by Rafotech, a Beijing-based digital marketing agency, that has infected up to 250 million Windows and MacOS computers, according to Check Point software.

Once it infects a computer, Fireball takes over the PC’s browsers and turns them into zombies, enabling the Fireball Browser Hijack malware to run any code on the infected computer as well as hijacking and manipulating the web traffic of the infected PC to help generate fraudulent ad revenue.

The Potential Damage Caused by the Fireball Browser Hijack Malware

Fireball will modify a user’s homepage within a web browser as well as the default search engine the browser users. It additionally prevents any attempts to change these settings back. Fireball’s fraudulent search engines also include tracking pixels that will stealthily collect data about infected users’ browsing activities and use this information for marketing purposes.

Fireball Browser Hijack

Source: Check Point Software

The Fireball Browser Hijack will install browser plugins and make changes to browser settings to help boost advertisements as well as conduct potentially more serious activities such as spying and reporting on the activity of users on infected PCs, downloading and executing additional malware on infected computers, and distributing malware to other computers.

Original Estimate of Fireball Infections Overblown?

Security firm Check Point discovered the Fireball browser hijacking operation on June 1st, 2017, and its initial analysis claimed that Fireball was being secretly installed on computers as part of free software downloads provided to unsuspecting users.

While Check Point originally estimated Fireball had infected 250 million computers, follow-up analysis from Microsoft published on June 22nd reported this estimate was “overblown,” with Fireball attacks not as widespread as initially reported, and the company also reported subsequent Fireball reinfection rates have been low.

How to Tell If Your System Has Been Infected by Fireball

To check if your system has been infected by the Fireball Browser Hijack or another form of malware, Kaspersky Security recommends checking your browser’s home page and the default search engine to see if they have been changed from their original settings.

If these settings have changed or if you’re unable to modify the settings for either your home page or default search engine, your system may be infected by malware, in which case an internet security solution will likely be needed to detect and disinfect the malware.

Forrest Stroud
Forrest Stroud
Forrest is a writer for Webopedia. Experienced, entrepreneurial, and well-rounded, he has 15+ years covering technology, business software, website design, programming, and more.

Related Articles

Software Environment

A software environment is a collection of programs, libraries, and utilities that allow users to perform specific tasks. Software environments are often used by...

ClickUp

ClickUp is a cloud-based work and project management platform that enables teams to manage tasks, collaborate in real-time, gain insights via reporting, and more....

Chunk (Data Chunk)

A chunk, also called a data chunk, by RFC2960 SCTP (Stream Control Transmission Protocol) standards, is the term used to describe a unit of...

Blog Search Engine

A blog search engine is specifically focused on finding content in the blogosphere. Blog search engines only index and provide search results from blogs...

Agile Project Management

Agile project management enables business teams to approach their projects and tasks with...

Private 5G Network

A private 5G network is a private local area network (LAN) that utilizes...

Rich Communication Services (RCS)

Rich communication services (RCS) is a mobile messaging approach in which session initiation...