Moose Malware Uses Linux Routers For Social Network Fraud

Published: 22/11/2024   Category: security



Linux/Moose is sophisticated enough to do DNS hijacks, DDoSes, and deep network penetration...so why is it wasting its time on Instagram?



A new worm targeting Linux routers is exploiting them not through a vulnerability per se, but rather by simply brute-forcing weak passwords, according to researchers at ESET. The malware, which researchers have dubbed Linux/Moose, could be used for a wide variety of purposes -- including DNS hijacking, DDoSing, and deep network penetration -- but so far attackers only seem to be using it for tame social networking fraud.
Moose intercepts unencrypted network traffic, and its main payload is a generic proxy service. It could be adapted for all manner of nefarious activities. Yet so far, as far as researchers can tell, it's just been used to steal HTTP cookies on social network sites and then perform fraudulent activities. Nothing as sinister as blackmail or full-blown identity theft, mind you -- just fraudulent likes, follows, and creation of new accounts.
ESET researcher Olivier Bilodeau says that this confused the ESET team. "Why go through so much effort to get followers on Instagram?" he says.
Their theory now is that there is money to be made. Companies already pay marketing firms to pump up their social networking reach and activity; code like Moose could be a powerful tool in the hands of a marketing associate looking for an edge.
Moose's modus operandi wasn't the only thing that struck researchers as strange. It also doesn't have a persistence mechanism.
"What we think is, they don't need it," says Bilodeau. As he explains, the attackers must either find it very easy to regain access to a target router -- brute-forcing access from a static list of 300 username/password combinations -- or they achieve everything they want to so quickly that they have no need to return.
"It's kind of scary not to care about persistence," Bilodeau says.
Although Moose has been specifically targeting consumer Linux routers so far, it's still a concern for enterprises, Bilodeau says. One reason: home office workers may connect through poorly configured consumer routers. Also, Moose affects not just routers, but a host of other devices with embedded Linux systems -- and Moose-infected routers regularly scan for all those other Linux systems.
"It will scan every interface it has," says Bilodeau, "spread past the Internet into the intranet, which allows it to spread to places that are not usually reachable."
"What the operators could do," he says, "they know the source of the infection ... they could activate other kinds of [malicious] features."
It is difficult to tell how prevalent Moose is, and Bilodeau says the malware is built to make it that way. As ESET explains in the research report:
"There is no peer-to-peer protocol, [Moose] uses a hardcoded IP address instead of DNS for C&C, and even though the backdoor is listening on the Internet on port 10073 to offer its proxy service, only IP addresses in a whitelist are allowed to connect. Another reason for our lack of success is the lack of security tools ecosystems (like Anti-Virus) on embedded systems. Finally, the hosting providers where the C&C are located were reluctant to cooperate, which didn't help."
Bilodeau says he received an email from one hosting provider this morning, so he is hopeful that ESET may be able to get a better idea of the prevalence of Linux/Moose soon. 
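The article's central point is that Moose gets in by guessing weak credentials from a static list, not by exploiting a bug, so a router's own login log is where an administrator would first see it. The detector below is an added example, not code from the article or from ESET; it parses constructed syslog-style lines in an assumed BusyBox-like login format and flags any source that fails many logins within a short window, escalating the verdict when a successful login from the same source follows the burst.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample router syslog lines (assumed BusyBox-style "login" format,
# not taken from the article). Source addresses use documentation ranges.
SAMPLE_LOG = """\
Nov 22 10:01:01 rtr login[812]: FAILED LOGIN FROM 203.0.113.7 FOR admin, Authentication failure
Nov 22 10:01:03 rtr login[813]: FAILED LOGIN FROM 203.0.113.7 FOR root, Authentication failure
Nov 22 10:01:04 rtr login[814]: FAILED LOGIN FROM 203.0.113.7 FOR support, Authentication failure
Nov 22 10:01:06 rtr login[815]: FAILED LOGIN FROM 203.0.113.7 FOR admin, Authentication failure
Nov 22 10:01:07 rtr login[816]: FAILED LOGIN FROM 203.0.113.7 FOR user, Authentication failure
Nov 22 10:01:09 rtr login[817]: LOGIN ON pts/0 BY admin FROM 203.0.113.7
Nov 22 10:30:00 rtr login[901]: FAILED LOGIN FROM 198.51.100.4 FOR admin, Authentication failure
Nov 22 10:45:00 rtr login[902]: LOGIN ON pts/0 BY admin FROM 198.51.100.4
"""

FAILED = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ login\[\d+\]: FAILED LOGIN FROM (\S+) FOR (\S+),")
SUCCESS = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ login\[\d+\]: LOGIN ON \S+ BY (\S+) FROM (\S+)$")


def parse_ts(stamp):
    # Syslog timestamps carry no year; pin one so the values compare correctly.
    return datetime.strptime(f"2024 {stamp}", "%Y %b %d %H:%M:%S")


def detect_credential_guessing(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return {source_ip: verdict} for sources that fail `threshold` or more logins
    inside `window`, escalating when a successful login follows the burst."""
    failures, successes = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        if m := FAILED.match(line):
            failures[m.group(2)].append((parse_ts(m.group(1)), m.group(3)))
        elif m := SUCCESS.match(line):
            successes[m.group(3)].append(parse_ts(m.group(1)))
    verdicts = {}
    for ip, events in failures.items():
        events.sort()
        # Slide a window of `threshold` consecutive failures; stop at the first hit.
        for i in range(len(events) - threshold + 1):
            start, end = events[i][0], events[i + threshold - 1][0]
            if end - start > window:
                continue
            users = {user for _, user in events[i:i + threshold]}
            verdict = (f"burst: {threshold} failures in "
                       f"{int((end - start).total_seconds())}s, {len(users)} usernames")
            if any(start <= t <= end + window for t in successes.get(ip, [])):
                verdict += "; successful login after burst, treat as compromised"
            verdicts[ip] = verdict
            break
    return verdicts
```

The single failure followed by a success from 198.51.100.4 is deliberately left unflagged: a user mistyping a password once is not the pattern described in the article.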
