Tuesday, 26 May 2015

Facebook, Twitter, Instagram, YouTube hit by Linux/Moose Malware



ESET researchers caught Linux/Moose, a malware family primarily targeting Linux-based consumer routers, but also known to infect other Linux-based embedded systems. Once infected, the compromised devices are used to steal unencrypted network traffic and offer proxying services for the botnet operator. You can read more on this phenomenon in an in-depth security research paper titled ‘Dissecting Linux/Moose’ now available on ESET Ireland’s blog.

In practice, these malicious capabilities are used to steal HTTP cookies to perform fraudulent actions on Facebook, Twitter, Instagram, YouTube and other sites, which include generating non-legitimate "follows", "views" and "likes."

“Linux/Moose is a novelty when you consider that most embedded threats these days are used to perform DDoS attacks,” explains Olivier Bilodeau, Malware Researcher at ESET.

What’s more, according to ESET researchers, this type of malware has the capabilities to reroute DNS traffic, which enables man-in-the-middle attacks from across the Internet. Moreover, the threat displays out-of-the-ordinary network penetration capabilities compared to other router-based malware. Moose also has DNS hijacking capabilities and will kill the processes of other malware families competing for the limited resources offered by the infected embedded system.



“Considering the rudimentary techniques of Moose employed to gain access to other devices, it seems unfortunate that the security of embedded devices doesn’t seem to be taken more seriously by vendors. We hope that our efforts will help to better understand how the malicious actors are targeting their devices,” concludes Bilodeau.