Fireball Browser Hijack

Fireball is a form of malware orchestrated by Rafotech, a Beijing-based digital marketing agency, that has infected up to 250 million Windows and MacOS computers, according to Check Point software.

Once it infects a computer, Fireball takes over the PC’s browsers and turns them into zombies, enabling the Fireball Browser Hijack malware to run any code on the infected computer as well as hijacking and manipulating the web traffic of the infected PC to help generate fraudulent ad revenue.

The Potential Damage Caused by the Fireball Browser Hijack Malware

Fireball will modify a user’s homepage within a web browser as well as the default search engine the browser users. It additionally prevents any attempts to change these settings back. Fireball’s fraudulent search engines also include tracking pixels that will stealthily collect data about infected users’ browsing activities and use this information for marketing purposes.

Fireball Browser Hijack

Source: Check Point Software

The Fireball Browser Hijack will install browser plugins and make changes to browser settings to help boost advertisements as well as conduct potentially more serious activities such as spying and reporting on the activity of users on infected PCs, downloading and executing additional malware on infected computers, and distributing malware to other computers.

Original Estimate of Fireball Infections Overblown?

Security firm Check Point discovered the Fireball browser hijacking operation on June 1st, 2017, and its initial analysis claimed that Fireball was being secretly installed on computers as part of free software downloads provided to unsuspecting users.

While Check Point originally estimated Fireball had infected 250 million computers, follow-up analysis from Microsoft published on June 22nd reported this estimate was “overblown,” with Fireball attacks not as widespread as initially reported, and the company also reported subsequent Fireball reinfection rates have been low.

How to Tell If Your System Has Been Infected by Fireball

To check if your system has been infected by the Fireball Browser Hijack or another form of malware, Kaspersky Security recommends checking your browser’s home page and the default search engine to see if they have been changed from their original settings.

If these settings have changed or if you’re unable to modify the settings for either your home page or default search engine, your system may be infected by malware, in which case an internet security solution will likely be needed to detect and disinfect the malware.

Forrest Stroud
Forrest is an experienced, entrepreneurial and well-rounded professional with 15+ years covering technology, business software, website design, programming and more.

Top Articles

List of Windows Operating System Versions & History [In Order]

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

What are the Five Generations of Computers? (1st to 5th)

Reviewed by Web Webster Learn about each of the 5 generations of computers and major technology developments that have led to the computing devices that...

Hotmail [Outlook] Email Accounts

Launched in 1996, Hotmail was one of the first public webmail services that could be accessed from any web browser. At its peak in...

Merkle Tree

Merkle trees—or hash trees—are cryptographic algorithms allowing for the efficient validation...

Nimble CRM

Nimble CRM is a social CRM (customer relationship management) with sales and marketing...

What is Insightly CRM?

Insightly CRM is customer relationship management (CRM) software that focuses on an intuitive,...