|Type of Malware|Adware|
|Location – Country of Origin|China|
|Date of initial activity|2015|
|Associated Groups|Chinese marketing company RafoTech and ELEX. Fireball appears to have been bundled with other software, including the P2P client QQBrowser, RSS reader BiksQRSS, and applications called Soso Desktop and FVP Imageviewer, among many others.|
|Motivation|Fireball is a browser hijacker, which means it modifies your browser to serve its creator’s purposes. Fireball can also execute any code on the infected computer and download browser extensions or other software.|
|Targeted System|Email attachments, phishing links, drive-by downloads, malware-infected websites|
Fireball acts as a browser hijacker but can be turned into a fully functioning malware downloader. It is capable of executing any code on victim machines, which enables a wide range of actions, from stealing credentials to dropping additional malware.
Fireball targets computers running Windows and macOS all over the world.
Tools / Techniques Used
Fireball comes bundled with other software. When you download an app, Fireball can be downloaded to your device automatically, without prompting you or giving you a chance to opt out of the installation. The bundled adware doesn’t necessarily install at the same time as the freeware program you were interested in. It might be dropped in later, when you’re less alert to potential installation issues.
Impact / Significant Attacks
Fireball has infected 250 million computers running Windows and macOS all over the world. It can be found on one in every five corporate networks. Specifically, there were 25.3 million infections in India (10.1%), 24.1 million in Brazil (9.6%), 16.1 million in Mexico (6.4%), and 13.1 million in Indonesia (5.2%). The United States has witnessed 5.5 million infections (2.2%).