
Moose Botnet

Botnets are rarely harmless, and their activity often ends up being problematic either for the owner of the infected device or for the target designated by the botnet's operators. For example, the Mirai Botnet was used to launch very large-scale DDoS (distributed denial-of-service) attacks that took websites and company networks offline, causing millions of dollars in losses. In other cases, botnets are used to mine cryptocurrency, and all profits are sent to the attacker's wallets. However, there appears to be an alternative strategy where a botnet can make money for its operators without causing direct harm to anyone. The authors of the Moose Botnet have done just that by using the devices they infect to set up fake social media profiles whose sole purpose is to generate fake follows, subscriptions and likes.

The authors of the Moose Botnet are so confident in the harmlessness of their activity that they have set up a public website where customers can purchase various packages of followers and likes for different social media platforms. It appears that the Moose Botnet is most active when it comes to Instagram, but its authors also work with Twitter, Facebook, YouTube, Kiwi and other platforms.

The Moose Botnet Sets a Precedent with an Innovative Monetization Scheme

Often, botnet operators develop several variants of their malware that are able to work on different devices, and the variant to be dropped is selected based on the infected device's architecture. However, the Moose Botnet works exclusively on IoT (Internet-of-Things) devices: its binaries are only compatible with the ARM and MIPS architectures. This greatly limits the fingerprint that the botnet's activity leaves behind and helps it stay under the radar, since the owners of the devices will not notice anything out of the ordinary. Once a device is infected, the Moose Botnet can command it to create a profile on one of the supported social media platforms, and then use it to generate fake follows, likes, etc. Such activity is very unlikely to be prosecuted by law enforcement agencies, and it's probably the main reason why the operators of the Moose Botnet have opted for this monetization strategy.

IoT devices often feature a vulnerable security configuration, and they are an easy target for cyber crooks who have the expertise and tools to launch large-scale attacks. The exact number of devices that are part of the Moose Botnet is not clear at the moment.

Internet-of-Things botnets are likely to become a more common occurrence in the near future, and it is important to secure your devices by using strong login credentials and applying all security patches and updates.

