Hackers have created thousands of fake accounts on popular social media platforms like Instagram, Twitter, YouTube and Periscope, via an IoT botnet that uses the Linux/Moose malware. Security researchers claim that the fake accounts randomly follow people and browse content, in an effort to make the bots seem more "human" and avoid spam filters.
According to security researchers, the Linux/Moose botnet is a "new generation" IoT botnet that operates on embedded systems such as routers, rather than computers. This makes the bot much more difficult to detect. The botnet can function even with limited computational power and specialises in "social media fraud".
In a research paper titled "Ego Market: When People's Greed for Fame Benefits Large-Scale Botnets", Canadian researchers noted that 95% of the traffic coming from the Linux/Moose botnet's C&C (command and control) servers was directed towards various social networking websites, in the form of requests to log onto sites, create fake accounts and "endorse other accounts".
As much as 86% of Linux/Moose traffic was found to be directed towards Instagram, 8% towards Twitter and a little less than 3% towards Periscope, YouTube, Kiwi and Flipgram. Researchers also found email account creation requests sent to Gmail and Yahoo. The botnet created over 1,700 fake accounts on Instagram, but the researchers noted that 72% of the accounts were suspended by Instagram.
How to spot Linux/Moose botnet fake Instagram accounts
The researchers claim that the fake accounts created by the Linux/Moose malware use random numbers and letters as their usernames and have generic images such as those of "plants, buildings, landscapes or animals" as their profile pictures. The accounts also do not post anything and have no followers. However, they generally follow up to 822 people. The researchers also estimated that the "potential revenue" of a Linux/Moose bot was "$13.05 per month".
The researchers said: "Regardless of the botnet's overall profitability, the Linux/Moose botnet evolves in an inconspicuous ego market that is driven by normal people and does not attract the attention of law enforcement. This is the ideal situation for illicit online activity: running a stealthy, profitable botnet while advertising the services on the clear Web and selling them to normal people.
"No connection to the criminal underworld is needed and there are no direct victims, yet the money is generated through illicit activities. The Linux/Moose botnet participates in a clever scheme: it falls into an interstice that allows the botnet operators to continuously commit a computer crime and profit from it in total impunity."