Russian Hackers Lurk in Britney Spears' Instagram

Instructions for malware hidden in spam-like comments
By John Johnson,  Newser Staff
Posted Jun 8, 2017 8:22 AM CDT
Russian Hackers' New Tool: Britney Spears' Photos
Britney Spears arrives at the MTV Video Music Awards in Los Angeles in 2015.   (Photo by Jordan Strauss/Invision/AP, File)

Britney Spears has become the unwitting accomplice of Russian hackers. It seems that one group in particular, called Turla, puts comments on her Instagram posts that seem like spam but are actually a kind of hidden code that provide instructions for its malware, reports security company ESET. As Engadget explains, it is clever but complicated, but it doesn't mean that browsing Britney's Instagram will infect your computer. In the example cited by ESET, the since-deleted comment on this photo supposedly came from asmith2155 and read, "#2 hot make loved to her, uupss #Hot #X." That comment, however, was actually an encrypted message that, once deciphered, helps infected systems communicate with the Turla mothership.

In this case, the actual malware was in a Firefox browser extension masquerading as a security feature. But once in place, that malware needs to communicate with its "command and control" server to get instructions on what to do and how to send stolen data. A post at Boing Boing takes it from there: "Turla moves the C&C server around, then hides the current address of the server in encrypted comments left on Britney Spears's image posts," it explains. "The compromised systems check in with Spears's Instagram whenever they need to know where the C&C server is currently residing." In the constantly evolving cat-and-mouse game between hackers and security systems, it's a safe bet the strategy already has changed. (Maybe these are the "patriotic" hackers Vladimir Putin was talking about?)

Get the news faster.
Tap to install our app.
Install the Newser News app
in two easy steps:
1. Tap in your navigation bar.
2. Tap to Add to Home Screen.