Security specialists ESET has discovered a new threat from the Linux/Moose malware family that is generating fake activity on social networks, the company announced today.
Linux/Moose is a malware family primarily targeting Linux-based consumer routers, but it is also known to infect other Linux-based embedded systems, ESET explains.
Once compromised, devices are used to steal unencrypted network traffic and offer proxying services for the botnet operator. The malware then steals HTTP cookies to perform fraudulent actions, such as generating non-legitimate ‘follows’, ‘views’ and ‘likes’ on Facebook, Twitter, Instagram, YouTube and other sites.
This family of malware reroutes DNS traffic, enabling man-in-the-middle attacks from across the internet. Moreover, the threat displays out-of-the-ordinary network penetration capabilities compared to other router-based malware. Moose also has DNS hijacking capabilities and will kill other malware families competing for the limited resources offered by the infected embedded system.
“Linux/Moose is a novelty when you consider that most embedded threats these days are used to perform DDoS attacks,” explains Olivier Bilodeau, malware researcher at ESET.
“Considering the rudimentary techniques of Moose employed to gain access to other devices, it seems unfortunate that the security of embedded devices doesn’t seem to be taken more seriously by vendors.
“We hope that our efforts will help to better understand how the malicious actors are targeting their devices.”