malwareResearchers at ESET, a global leader in proactive digital protection, has discovered a new malware family, the Linux/Moose, which targets Linux-based consumer routers and infects Linux-based embedded systems in its path. The goal is to infect social network accounts such as Facebook and Twitter, so they can be used for fraud.

“Linux/Moose is a novelty when you consider that most embedded threats these days are used to perform DDoS attacks,” explains Olivier Bilodeau, Malware Researcher at ESET.

Indeed, Linux/Moose is built for deep network penetration, which allows the malware to spread past firewalls and eavesdrop on network communications to and from embedded devices. However, unlike most malware nowadays, Linux/Moose uses basic techniques to gain access to a device. As said, it is a malware family that primarily targets Linux-based consumer routers and infects other Linux-based embedded systems. Once infected, the compromised devices are used to steal unencrypted network traffic and offer proxying services for the botnet operator. In practice, these malicious capabilities are used to steal HTTP cookies to perform fraudulent actions on Facebook, Twitter, Instagram, YouTube and other sites, which include generating non-legitimate "follows", "views" and "likes."

“Considering the rudimentary techniques Moose employs to gain access to other devices, it seems unfortunate that the security of embedded devices is not taken more seriously by vendors. We hope that our efforts will help them to better understand how malicious actors are targeting their devices,” concludes Bilodeau.

According to ESET researchers, this type of malware has the capabilities to reroute DNS traffic, which enables man-in-the-middle attacks from across the Internet. Moreover, the threat displays out-of-the-ordinary network penetration capabilities compared to other router-based malware. Moose has in addition DNS hijacking capabilities that kill the processes of other malware families competing for the limited resources offered by the infected embedded system.

You can read more about this phenomenon in an in-depth security research paper on, titled ‘Dissecting Linux/Moose’ or a blogpost on

By MediaBUZZ