Britney Spears may be the only thing standing between us and the collapse of the American republic.
According to a new report on Gizmodo, security experts discovered that Russian hackers are using the pop star’s Instagram account to test malware intended for espionage.
Researchers found that the Russian-speaking hacker group known as Turla has been parachuting into the comments section of Spears’s Instagram to give a malicious backdoor trojan a spin. How it works: Victims receive a message to install a seemingly harmless Firefox extension on their computer named “HTML5 Encoder.” Once installed, it gives the hacker complete access to the user’s machine.
How Britney works into this: Hackers left an encoded comment on one of her Instagram posts. The malware on the victim’s computer searches the post, finds the comment and converts it to a URL that the hackers can use to target that computer and suck stolen information up into one of their repositories, known as a C&C (for “command and control”).
The geniuses who discovered this are from an organization called ESET; they found the Firefox-extension malware on a Swiss security company’s website. They have alerted Firefox, which says they’re working to disable the extension.
“The fact that the Turla actors are using social media as a way to obtain its C&C servers is quite interesting,” writes Jean-Ian Boutin. “This behavior has already been observed in the past by other threat crews such as the Dukes. Attackers using social media to recover a C&C address are making life harder for defenders… it is difficult to distinguish malicious traffic to social media from legitimate traffic.”
There’s no word, or working theory, as to why the hackers chose Britney’s account for the test.
The takeaway: When encountering popups encouraging you to install harmless-seeming programs, do as you might when encountering Britney Spears in person, and exercise caution.
