Linux Malware Allows Routers On Facebook And Twitter Defraud

Linux / Moose Overview

Researchers have discovered a new form of Linux malware that tries to take over routers subsequently on social networks like Facebook, Twitter, YouTube, Instagram and other sites to commit fraud with. The malware is called Moose ( pdf ) and scans the internet in search of Linux routers with an accessible Telnet service. Once found, will perform a brute force attack to gain Telnet access to the router.

Moose will modify the DNS in the event of a successful attack, steal the unencrypted network traffic to and from the router, perform man-in-the-middle attacks and offer proxy services for the malware creator. In practice, the malware will steal HTTP cookies from the aforementioned social networking sites to perform with fraudulent actions, such as "track", "view" and "like" of users and content on the websites.

In addition, the malware infected routers will also be used to scan for new vulnerable systems. According to researchers from the Slovak anti-virus company ESET malware is remarkable, because most Linux malware going around and it has developed features on routers to perform DDoS attacks. ESET also denounces the security of routers to be desired and allows this type of malware can strike.

"Witness the primitive techniques Moose used to access other devices, it is unfortunate that the security vendors of routers do not take seriously", say the researchers conclude. That also recommend IT experts to check the routers acquaintances on firmware updates and safe settings if they are nearby.