A malware has been stealing HTTP cookies to perform fraudulent actions on Facebook, Twitter, Instagram, YouTube and other sites, which include generating non-legitimate “follows”, “views” and “likes.”
Known as the Linux/Moose, the malware primarily targets Linux-based consumer routers and infect other Linux-based embedded systems. Once infected, the compromised devices are used to steal unencrypted network traffic and offer proxying services for the botnet operator.
“Linux/Moose is a novelty when you consider that most embedded threats these days are used to perform DDoS attacks,” explains Olivier Bilodeau, Malware Researcher at ESET.
According to ESET researchers, this type of malware has the capabilities to reroute DNS traffic, which enables man-in-the-middle attacks from across the Internet. Moreover, the threat displays out-of-the-ordinary network penetration capabilities compared to other router-based malware.
Moose also has DNS hijacking capabilities and will kill the processes of other malware families competing for the limited resources offered by the infected embedded system.
“Considering the rudimentary techniques Moose employs to gain access to other devices, it seems unfortunate that the security of embedded devices is not taken more seriously by vendors. We hope that our efforts will help them to better understand how malicious actors are targeting their devices,” concludes Bilodeau.