A malicious worm that targets poorly protected home routers has been uncovered by security researchers.

The “moose” malware attempts to take over home routers by trying thousands of weak passwords.

Once it has taken over a device, the worm grabs login details when people visit Twitter, Facebook, Instagram, YouTube and other social sites. These credentials are then used to artificially inflate followers and viewer numbers.

The malicious program got its name because the file containing its attack code is called elan – French for moose.

The malicious worm travels the internet “aggressively” seeking out vulnerable devices. So far, said the pair, some of the routers made by Actiontec, Hik Vision, Netgear, Synology, TP-Link, ZyXEL, and Zhone have been found to be vulnerable to moose.

In their analysis, the researchers saw the worm being used to set up bogus accounts on social network sites and then use stolen credentials to add fake “likes” and “follows” to those accounts.

Instagram, Twitter and Vine were the three sites most widely abused by this bogus liking system.

It is hard to gauge the exact number of routers that have been compromised because of the steps moose’s creators took to prevent detection. It is estimated that tens of thousands of routers are potentially vulnerable to moose and many of those devices might already be infected. Moose was first spotted in mid-2014 and has been active ever since.

The weak passwords that moose exploited were used on many different devices, not just home routers. Researchers warned that medical equipment and smart home systems might also be susceptible to infection by moose.