Britney Spears: Malware planted in singer’s Instagram page

Screenshot of Britney Spears' Instagram accountImage copyright Instagram
Image caption Comments on the photo-sharing site were crafted to help control the malware

The comments section of Britney Spears’ Instagram account has been used by cyber-thieves to co-ordinate attacks.

Security firm Eset found the gang controlled its malware, called Turla, by posting comments about images in the singer’s gallery.

The comments looked like spam but once transformed by code in the virus, directed victims to other sites.

Several other compromised websites were also being used to track victims and spread the malware.

Digital detective work

Turla has been active since 2014 and sought to catch out government workers, diplomats and other officials, said Eset researcher Jean-Ian Boutin. It is believed to be run by a hacker group working for the Russian state.

Most often, he said, Turla’s handlers compromised websites that targets would be likely to visit.

One compromised server asked visitors to install a booby-trapped extension for the Firefox web browser.

Digital detective work by Mr Boutin revealed that the command and control (C&C) channel set up between the creators of the extension and victims’ machines was on the singer’s Instagram page.

The malicious extension searched for comments that, when digitally transformed, matched a specific value. These were then converted into a website address that the compromised machine visited to report in or to update the malicious code they harboured.

Very few comments posted to the Instagram account had the key characteristics – suggesting that Turla’s creators were testing or refining the control system.

Mr Boutin said using social media in this way made “life harder for defenders”.

“Firstly, it is difficult to distinguish malicious traffic to social media from legitimate traffic,” he wrote. “Secondly, it gives the attackers more flexibility when it comes to changing the C&C address as well as erasing all traces of it.”

View the original article:

Mr Boutin added that he had been in touch with Mozilla, which was working on ways to stop extensions for Firefox being compromised in this way.

In the same category are

Sally Anne Bowman killer Mark Dixie jailed for more attacks Image copyright PA Image caption Eighteen-year-old Sally Anne Bowman was murdered in south London in 2005 The murderer of model Sally Anne Bowman ...
Katie Rough death: Teen detained for life for killing Image caption Katie was found seriously injured near playing fields in York in January A 16-year-old girl has been detained for life for killing s...
Egypt Sinai: Bomb and gun attack on mosque ‘kills 54’ Image copyright EPA Image caption The militants targeted a mosque in Bir al-Abed west of al-Arish Suspected militants have launched a bomb and gun...
‘Indiana Joan’: 95-year-old accused of looting Middle East tombs Image copyright AFP Image caption At least one of Mrs Howard's digs was at the Saqqara necropolis, south of Cairo A 95-year-old Australian woman h...
Black Friday and Cyber Monday: top tips Image copyright Getty Images Black Friday is well under way and the bargains will flow thick and fast all weekend - right up until the next sales pe...
Poldark star Aidan Turner is heading to the West End Image caption Aidan Turner famously bared his torso in the first series of Poldark Poldark actor Aidan Turner is to swap his scythe for a cut-thro...

Dont forget to “Like” us on Facebook

Need something to share, visit our sister site for the

‘News in the last 30 days”

in a clear concise package ….


If you are an artist or interested in art, visit our art website and read about todays artscene and browse some of our artist profiles


Comment on this story