Rafotech offers free games, apps and other products to their customers. Unfortunately, when this free software is installed, it will also install a copy of a malware program that security researchers are calling “Fireball.”
On its face, Fireball is a type of adware, and Rafotech is currently using it to generate revenue by injecting ads into users’ web browsers. However, according to security researchers at Check Point, a deeper analysis of the software reveals that it’s much, much more.
In addition to injecting ads into your browsing experience, Fireball also takes total control of all the web browsers installed on your computer. It can reassign your home page, and make it impossible for you to set it back, and worse, the software contains additional hooks that make it possible to install other types of malware at the company’s discretion.
The best way to look at Fireball is to see it as a ticking bomb. While it’s sitting there, displaying the occasional unwanted ad, it’s annoying, but not harmful. But any time the owners wish to, they can use their adware to initiate a much larger, more devastating attack.
Consider, for instance, what would happen if the company decided to push ransomware to all 250 million computers it infects, or if they chose to install keyloggers everywhere. They’re in a position to do significant damage with little more than the touch of a button.
Because of this, you should investigate your web browsers immediately. If you find yourself unable to change the browser’s settings, including changing your home page or default search engine, then odds are that you’ve been infected. You should make removing the unwanted software your top priority.
If you’re struggling to keep pace with all the threats your company is facing, contact us today and speak with one of our knowledgeable team members. We can help you chart a course to better and more robust data security, without further taxing your existing IT staff.