There are very few countries which emanate threats globally, with China being one of them. Fireball is a legitimate software since it is digitally signed by the very organization which has developed it, however it also bundles up malicious binaries and browser extensions.
Traditionally, ad-wares were never considered to be malicious, since their sole intention was to redirect traffic and bombard the user with advertisements, and furthermore, these ad-wares were always bundled with other legitimate software, so that unsuspecting users ended up installing them too. Besides, there exists Pay-Per-Install (PPI) revenue sharing model between the developers and the bundled software providers. Due to the fact that they piggyback on a popularity of legitimate software, this association is profitable for all the stakeholders.
Fireball, not just installs an ad-ware, but also manipulates the victims default browser search engine to fake ones, which in turn redirect the search query to Yahoo.com or Google.com. However, these fake search engines do a lot more than simple redirect, they track the users and they can spy on their victims too by dropping and executing malwares.
The concern around Fireball is that the adware it installs after downloaded to a device, is capable of installing malwares using backdoor. This in turn could be used by cyber criminals to exploit and use to push malicious codes or exploits to create large scale attacks or disruptions. Though adware installation by various software download applications are seen as an accepted practice by the end-users, however the Fireball issue could be different than what meets the eye, which is a huge concern with its largest install base of more than 250 million devices worldwide.
eScan’s Advisory suggests the below precautions to be implemented for such attacks in the ever growing complex cyber threat landscape:
- eScan recommends using an adware scanner to scan if there is anything wrong with the browser
- Once you found the adware in the system, go to Programs and Features list in the Control panel of Windows OS to uninstall the program
- MacOS users should user finder to locate and uninstall the application. After that empty the trash to delete the compromised file
- Go to your browsers and explore tools and extensions to uninstall anything suspicious
- Do a regular check for any unauthorized or suspicious browser extensions and plug-ins to make sure your homepage and search engine are the ones that you have set
- Always opt for custom installation and then de-select anything that is unnecessary or unfamiliar
The information provided above will help you to protect your system from being victim of Fireball malware.