When publications including InfoSecurity Magazine reported on Fireball, the latest global malware, we were concerned. According to several reports, the Fireball malware has infected up to 20% of corporate networks and over 250 million devices. Several sources have also reported that it can be traced back to a digital marketing agency in China.
Our threat team tested the 8 samples listed on Check Point’s blog to produce a threat report.
BluVector successfully flagged the following eight hashes:
BluVector also provided the three hashes that appear to be benign:
2579DF066D38A15BE8142954A2633E7F – This is a legitimate Microsoft SysInternals utility. It is signed with a valid Microsoft digital signature. The signature has expired, but this is consistent with the file being released by Microsoft in September 2014.
5BCE955CF12AF3417F055DADC0212920 – This is the QQBrowser released by Tencent. It is also signed with a valid and current Tencent digital signature. QQBrowser can be considered a potentially unwanted application. In this case it is not malicious.
66E4D7C44D23ABF72069E745E6B617ED – Another legitimate Microsoft utility signed with a valid Microsoft digital signature. While the signature has expired, this is consistent with the file being released by Microsoft in 2016.
The good news for current BluVector customers is that their installed devices were already capable of detecting Fireball within their environments.
About Threat Report
BluVector’s Threat Report is written by BluVector’s expert security team, tasked with identifying the latest cybersecurity threats in the wild and when our solution would protect customers from those threats.