If you need to test your newly-written piece of malware, why not use Britney Spears’ Instagram?
To test out malware, Russian government hackers have allegedly linked to a ‘watering hole’ site to trap users. An ESET report detailed how Russian hackers tested out the malware on Britney Spears’ Instagram.
Basically, hacking group Turla created a backdoor trojan. Using an infected Firefox extension, it would access a target computer and trace their web activity, including sites visited, passwords, and other personal data.
Hackers would hide encrypted code inside Instagram comments. The code would then contact the malware’s command-and-control servers. Gizmodo explained how the method worked.
“But the real innovation, in this case, is the hackers using social media to contact their malware’s command and control (C&C) servers. These servers send instructions and act as a repository for stolen information. Using an encoded comment on Britney Spears Instagram post, the malware could find out what URL to use to meet up with the server without actually including that information in the code of the malware itself.”
The malware would scroll through Spears’ photos’ comments in search of instructions. Accordingly, user “asmith255” posted a seemingly unsuspicious comment in February.
“#2hot make loved to her, uupss #Hot #X.”
The extension would look at the comment and compute a custom hash value. The custom hash value, in turn, would retrieve the following bit.ly URL.
As it was only accessed a few times, ESET believes that the bit.ly URL was only used in tests. US authorities have long suspected the Russian government is running the Turla hacking group.
ESET has contacted Firefox’s developers. The browser’s developers will work on a fix to disable the extension.
The embedded comments pose no real threat to everyday users. Britney Spears has yet to issue a comment.
Image by (CC by 2.0)