ESET Uncovers New Malware Threat, Linux/Moose Attacking Routers

Next story
San Diego, CA

Linux/Moose is a malware family primarily targeting Linux-based consumer routers, but it is also known to infect other Linux-based embedded systems. Once compromised, devices are used to steal unencrypted network traffic and offer proxying services for the botnet operator. The malware then steals HTTP cookies to perform fraudulent actions, such as generating non-legitimate "follows," "views" and "likes" on Facebook, Twitter, Instagram, YouTube and other sites.

This family of malware reroutes DNS traffic, enabling man-in-the-middle attacks from across the Internet. Moreover, the threat displays out-of-the-ordinary network penetration capabilities compared to other router-based malware. Moose also has DNS hijacking capabilities and will kill other malware families competing for the limited resources offered by the infected embedded system.

“Linux/Moose is a novelty when you consider that most embedded threats these days are used to perform DDoS attacks,” explains Olivier Bilodeau, malware researcher at ESET. “Considering the rudimentary techniques of Moose employed to gain access to other devices, it seems unfortunate that the security of embedded devices doesn’t seem to be taken more seriously by vendors. We hope that our efforts will help to better understand how the malicious actors are targeting their devices.”

To learn more, please visit this link to read ESET’s white paper on Linux/Moose. You can also find a blog and opinion piece on ESET’s discovery at


Since 1987, ESET® has been developing record award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit or follow us on LinkedIn, Facebook and Twitter.