Russian Malware Operation Linked To Britney Spears' Instagram

Coded messages on her site were tied to the Turla hacker control server.
What's hiding in your Instagram account, Britney?
Eduardo Munoz / Reuters

Oops, they did it again. Russian hackers, that is, this time hiding a sophisticated malware operation in Britney Spears’ Instagram account.

A gang of Russian hackers notorious for spying on foreign governments, diplomats and military facilities has come up with a clever back-door Trojan marriage between their operation and social media — most notably Spears’ Instagram, according to Slovakian cyber-security firm ESET, which discovered the ruse.

The account — hopefully — wasn’t being used to target victims. Rather, it was used as a kind of camouflaged command center for the Turla hacker system. Comments posted to the site linked to a central server that sent instructions and moved stolen data to and from computers infected by malware. Hacking operations can often be shut down once the command-and-control server is located. But Spears’ Instagram account served to veil the operation because it functioned as a third-party relay system.

For example, a nonsensical comment posted to Spears’ Instagram (and since deleted) — “#2hot make loved to her, uupss #Hot #X” — was essentially a code that included a string of characters creating a link to a command-and-control hacker server, according to a blog post by ESET. If that server had been tracked down, other links could have been posted to a replacement server. Such coded “comments” providing a server link can easily hide in an Instagram account with 17 million followers. The Spears photo with the coded message had more than 2,000 other messages.

This page included a now-deleted coded link to a command-and-control hacker server.
Britney Spears Instagram

ESET discovered the operation in February, and managers believe what was found may have been part of a series of tests for a new operation launch.

Turla last made news in 2014 when cyber-security experts identified the Wipbot Windows malware that infiltrated the internet systems of the embassies and governments of a number of Eastern European nations, Ars Technica reported.

For the nuts-and-bolts of the complicated hacker scam, check out ESET’s blog post.
