A Russia-linked cyber espionage group used a Britney Spears Instagram to spread malware


Britney Spears performs on stage during the 102.7 KIIS FM’s Jingle Ball 2016.

Image: Broadimage/REX/Shutterstock

A sophisticated hacking group believed to be connected with the Russian government appears to have tested some new malware … in the comments of a Britney Spears Instagram photo. 

*sigh* 2017.

Information technology research group ESET spotted the malware hiding in a comment that looks pretty much like any other spam on a Britney Spears photo.

ESET's screengrab of the Britney Spears comment, highlighting malware comment.

The malware didn’t get a lot of play, but the effort seems to be a test for the cyber espionage group known as Turla, according to ESET. Once a user opens the malware link, the site asks the user to download a Firefox extension that seems harmless enough, but is actually a trojan. Once installed on the user’s computer, the trojan relays the user’s activity back to Turla. 

This particular strategy is known as a “watering hole” tactic, in which hackers attempt to infect a group of users by leaving malware on a site those users frequently visit. By dropping malware in a comment on the social platform, hackers were encouraging unwitting Instagram users to infect themselves.

Using social media to conduct a cyber attack is not only something many social media users wouldn’t expect, it also allows the attackers to delete the content associated with the link. 

Bottom line, as ESET concluded: Update your plug-ins, folks, and don’t download random things from strange places.
