Moose Malware Targets Home Routers

Security researchers have uncovered a malware that targets poorly protected home routers.

The malware, known as "moose", attempts to take over home routers by trying thousands of weak passwords.

Once it has taken over a device, the malware grabs login details when people visit social media channels such as Twitter, Facebook, Instagram and YouTube.

These credentials are then used to artificially inflate followers and viewer numbers.

Researchers Olivier Bilodeau and Thomas Dupuy from security firm Eset wrote a report detailing their findings. They said: "This threat is all about social network fraud."

The malicious file containing its attack code has been called Elan, which is French for Moose.

The malicious worm is said to work its way around the internet, "aggressively" seeking out vulnerable devices. The researchers said so far some of the routers thought to be vulnerable to Moose are made by Actiontec, Hik Vision, Netgear, Synology, TP-Link, ZYXL and Zhone.

In their analysis, the researchers saw the worm being used to set up bogus accounts on social networking sites and then use stolen network credentials to add fake "likes" and "follows".

The researchers said it was hard to gauge the exact numbers of routers that had been compromised because of the steps the creators of Moose took to prevent detection. They estimate that tens of thousands of routers are potentially vulnerable to the malware and many of those devices might already be infected.

The malware was first spotted in 2014 and is thought to have been active ever since.

The researchers also pointed out that the weak passwords that Moose exploited were used on many different devices and not just on home routers, warning that medical equipment and smart home systems might also be affected by Moose.

print this article

Return to internet news headlines
View Internet News Archive

Share with: