The next Ransomware threat is here – Fireball

Posted By on June 11, 2017

WannaCry ransomware took over millions of computers before it was annihilated. The fatal flaw was in the ransomware’s own code. Once discovered, it was a simple matter to kill the malware. However, the entry point in Windows and Mac computers remains and is about to be attacked by a new version of ransomware. This one is a bit different – it’s semi-legitimate but could prove just as costly.

Security firm Check Point Threat Intelligence has discovered this new high volume malware threat, called Fireball. Unlike WannaCry, this threat makes no attempt to conceal the source, a large Chinese marketing company called Rafotech. It has two main functions:

  • Fireball allows entry of other malware onto your computer.
  • Fireball outputs responses from your computer that appear as if you clicked on advertising, generating fake advertising hits and revenue for advertisers.

By the end of May, over 250 million computers were infected. The worst-hit countries were India, at an estimated 10.1%, and Brazil, at an estimated 9.6% of computers. Fireball infects machines running Windows or Mac OS.

Fireball is semi-legitimate software that operates by turning home pages and default web search pages into fake pages, directing the user to ads or sponsored content rather than free content. So far, Fireball has only been used to generate fake web traffic, but it has the potential to redirect the user to malicious sites or allow entry of spyware.

Fireball is spread through a marketing technique called “bundling”. Rafotech conceals Fireball in a collection of other software, such as games, that would appeal to users. Accepting what you think is only a game means you get the booby prize too – Fireball.

How to detect if you are infected with Fireball:

Check Point has compiled a list of symptoms that will identify an infection. If you can’t do each of the following, you are probably infected:

  • Start up your browser. Was the home page set by you? Go to your settings and change it. Shut your browser and restart it. Does the new page you set appear?
  • Was the default search engine in your browser set by you? Can you change it or any of the extensions?
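
The home page check above can also be done by reading the browser's stored settings after the restart. The script below is an added example, not something from Check Point or the original post. It assumes Firefox, whose profile folder keeps preferences in prefs.js and re-applies an optional user.js at every start; the function names and sample data are made up for illustration.

```python
import json
import re

# Firefox stores each preference as a line like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} from the text of a Firefox prefs.js or user.js."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment or blank line
        try:
            prefs[m.group(1)] = json.loads(m.group(2))  # string, number, true/false
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep unparsed values as text
    return prefs

def homepages(prefs):
    """Home pages as a list for case-insensitive comparison ('|' separates several)."""
    raw = str(prefs.get("browser.startup.homepage", ""))
    return [u.strip().rstrip("/").lower() for u in raw.split("|") if u.strip()]

def check_homepage(expected_url, prefs_after_restart, user_js=""):
    """Compare the page you set with what is stored after a browser restart."""
    want = expected_url.strip().rstrip("/").lower()
    found = homepages(parse_prefs(prefs_after_restart))
    pinned = homepages(parse_prefs(user_js))
    return {
        "stuck": found == [want],
        "found": found,
        # A home page written in user.js overrides the one chosen in settings,
        # so a different value there explains a change that will not stick.
        "pinned_by_user_js": bool(pinned) and pinned != [want],
    }

# Constructed sample data, not taken from a real infection.
SAMPLE_PREFS = '''// Mozilla User Preferences
user_pref("browser.startup.page", 1);
user_pref("browser.startup.homepage", "http://search.example.invalid/?src=hp");
'''
SAMPLE_USER_JS = 'user_pref("browser.startup.homepage", "http://search.example.invalid/?src=hp");\n'

if __name__ == "__main__":
    print(check_homepage("https://www.example.org/", SAMPLE_PREFS, SAMPLE_USER_JS))
```

A result with "stuck" set to False means the page you chose did not survive the restart, which is the symptom described in the first check.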


Creating software that is difficult to remove would place any company in danger of costly legal action worldwide. Because Fireball is semi-legitimate, Rafotech has covered their legal backsides by packaging it as standalone software. So removal is the same as for any other program:

  • On Windows, you can do this from your Programs and Features list in the Windows Control Panel.
  • On Mac, locate the Applications in Finder and drag the suspicious program to the Trash.

Note that you have removed Fireball but not anything else it may have let in. You should complete the removal process by running a full virus and malware scan with up-to-date antivirus and anti-malware software.

About The Author is the online voice of a collection of consumer advocates working independently to represent people who would otherwise be unheard. We speak for those who are bullied by corporations and don't realise they can have a say.
