Save Your Computers From Being Gutted by Chinese Malware Fireball

This adware is targeting Asian countries to make money through advertisements in the browser

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Many types of malware can leave systems vulnerable to attack, and malware attacks seem to make headlines every month for all the wrong reasons. A few weeks back, the WannaCry ransomware attack was in the news because it had infected over 150 countries and 200,000 computer systems worldwide. Recently, security firm Check Point discovered that a high-volume Chinese threat operation has infected over 250 million computers worldwide and 20% of corporate networks. The installed Chinese malware, called Fireball, takes over target browsers and turns them into zombies. The firm also said that the countries most infected by the malware are India (10.1%) and Brazil (9.6%).


The recent cyber attacks have again raised the question of how to protect systems against malware in the future. Entrepreneur India spoke to Manan Shah, Founder & CEO, Avalance Global Solutions, and Mohan Gandhi, CEO at Entersoft Security, to understand how different Chinese Fireball is from WannaCry and the steps to save infected systems.

Malware's Key Purpose Is To Make Money Through Browser Advertisements

Gandhi explained that the Fireball malware is a threat to Indian consumers and that it earns ad revenue by hijacking users' browsers. Although Fireball is currently a browser hijacker, it has the potential to be run as full-blown malware to encrypt user machines, control them remotely and even launch DDoS attacks.

"Currently, India stands as the most affected nation by Fireball, as per Check Point records. Also, it makes sense for Fireball to look at targeting Asian countries predominantly as the malware's key purpose is to make money through advertisements in the browser. Run as a campaign directly or indirectly through Rafotech, all the advertising campaigns are targeting for ad impressions in Asia," he said.

However, he further added that removing this malware is a pretty easy process.

"Users can manually remove infected malware from the Windows and Mac OS machines. Latest anti-viruses have updated malware signatures required for combating Fireball," he said.

India Hasn't Seen Any Cases Of Encryption From Fireball

According to Gandhi, WannaCry is significantly different from Fireball. WannaCry caused significant losses to users by encrypting important information, whereas Fireball takes over the browser by installing plugins that help digital agencies make money through adware.

"India hasn't seen any cases of encryption from Fireball. There was extortion in WannaCry and Fireball doesn't necessarily ask ransom from users. It makes money on its own," he added.

The New Adware Operates Silently

Shah feels the new type of adware is relatively difficult to recognize and tackle, as users most often do not even realize its presence. The adware operates silently by altering the search engine or the home page, and while the changes are noticeable, users are likely to attribute them to a new design rather than treat them as a threat. Also, because the adware comes with licenses, it is difficult to prove that it is a threat and a hack.

Shah also shared tips for checking whether your system is infected with this malware.

"Open your browser and check if the homepage or search engine has been changed automatically. If it has been changed then there are chances that your system is infected with the malware. In this case, go to the Control Panel from Windows and select the Programs and Features list. Search for the suspicious-looking adware in it and then delete it," he explained.

He further stressed that WannaCry ransomware is a kind of cyber attack in which hackers take control of a computer system and block access to it until a ransom is paid, whereas the Fireball malware is designed to hijack browsers to change the default search engine and track users' web traffic.