MENU

 

The following information was obtained from the different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).

The information provided was classified as Restricted pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

The Fireball Chinese malware is currently being used as a browser-hijacker often installed through bundling, which means it is installed alongside a program the user wants to download but without the consent. This modifies the default start page for the browser as well as the default search engines to Rafotech search engine (a large digital marketing agency based in Beijing which has created the Fireball). It also utilizes tracking pixels to collect private information about the user and their browsing habits.

Fireball takes over target browsers and turns them into zombies. It has the ability of running any code on victim computer, downloading any file or malware and hijacking and manipulating infected user’s web-traffic to generate ad-revenue. Fireball installs plug-ins and additional configurations to boost its advertisements as prominent distributor for any additional malware. Also, fireball has the ability to spy on victims, perform efficient malware dropping and execute malicious code in the infected machines which creates a massive security flaw in targeted machines and network resulting in a wide range of actions from stealing credentials to dropping additional software nasties.


RECOMMENDATION

PNP personnel and the public are advised to follow the best practices listed below for security purposes in order to remove malware, once infected:

• To remove adware: (For Windows OS) Uninstall the adware by removing the application from the Programs and Features list in the Windows Control Panel; (For Mac OS) Use the Finder to locate the Applications, Drag the suspicious file to the Trash and Empty the Trash;
• Scan and clean your machine using anti-malware and adware cleaner software;
• Remove malicious add-ons, extensions or plug-ins form your browser; and
• Restore your internet browser to its default settings.


For additional information, please refer to the following websites:

http://blog.checkpoint.com/2017/06/01/fireball-chinese-malware-250-million-
infection/
https://blog.malwarebytes.com/cybercrime/2017/06/fireball-chinese-malware/
https://www.theregister.co.uk/2017/06/02/fireball_adware_menace/


POINT OF CONTACT

Please contact PCINSP ANGELICA STARLIGHT L. RIVERA, Chief, Personnel Records Management Section thru email address This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.