Security researchers at ESET have released a lengthy report on the Moose malware, a worm that affects Linux-based home routers and embedded gadgets. Attackers appear to have assembled a large botnet of compromised devices through weak passwords.

According to the report, Moose does not install backdoors or rootkits. The goal of the attack appears to be social media fraud. Moose intercepts web cookies and uses them to hijack social media accounts. The schemers apparently deploy the botnet as a social media tool, auto-generating likes, views, and other popularity indicators for a price.

The Register quotes a report from the Rapid 7 security firm stating that 50,000 routers are infected with the Moose worm. Most of the attack traffic targets Twitter and Instagram.