Linux/Moose is a malware family that originally targeted Linux-based consumer routers but is also responsible for infecting other Linux-based embedded systems.
Once infected, the compromised appliances are ready to steal unencrypted network traffic and to offer proxy services to the botnet operator. More information about this phenomenon can be found in the detailed report "Dissecting Linux/Moose" at WeLiveSecurity.com.
In practice, these malicious features are used to steal HTTP cookies in order to perform phishing actions on Facebook, Twitter, Instagram, YouTube and other websites, including the production of illegal "follows", "views" and "likes".
"Linux/Moose is an innovation if you think most of the embedded threats these days are being used to run DDoS attacks," explains Olivier Bilodeau, Malware Researcher at ESET.
In addition, according to ESET researchers, this kind of malware has the potential to re-route DNS traffic, which allows for man-in-the-middle attacks on the Internet.
The threat also appears to have network-infiltration capabilities beyond those usually seen in other router-attacking malware. Moose also has DNS hijacking capabilities and kills the processes of other malware families that compete for the limited resources of the infected embedded system.
“Considering the rudimentary techniques Moose uses to obtain access to other devices, it's unfortunate that embedded device security doesn't seem to be taken seriously by network product manufacturers. We hope that our efforts will help to better understand the ways in which malicious actors attack their devices,” concludes Bilodeau.
More information about Linux/Moose is available in the relevant blog post at WeLiveSecurity.com, as well as in Graham Cluley's article: http://www.welivesecurity.com/2015/05/26/moose-router-worm.