Report: Fireball Malware Infected 250M Worldwide
The threat intelligence firm Checkpoint released a report on the Fireball malware, a trojan that is often bundled with legitimate software and installed without the user's consent. Checkpoint alleges that this malware is an operation run by a Chinese digital marketing agency based in Beijing that uses it to direct victims to fake search engines. Fireball hijacks the user's browser and can download other malware, remotely execute code on the victim's system, and steal sensitive data, including credentials. Checkpoint's analysis revealed at least 250 million infections worldwide; the most infected countries are India and Brazil, but Checkpoint reports at least 5.5 million infections in the United States. The NJCCIC recommends user and administrators review the Checkpoint report and utilize the indicators of compromise or guidance provided to determine whether or not your systems are infected, and take the steps provided to remove the malware and malicious browser add-ons.