A Russian Cyber Espionage Group Is Using Britney Spears’ Instagram To Control Its Malware


Russian hackers are finding innovative ways to infect people’s computers. Security researchers have uncovered a Russian cyber espionage group known as Turla that’s using comments on Britney Spears’ Instagram to hide the locations of command and control (C&C) servers for one of its Trojans.

Image courtesy: ESET

ESET researchers say Turla, believed to be the cyber arm of Russian intelligence, is experimenting with a Firefox extension Trojan, just one part of a larger arsenal of hacking tools at its disposal.

A Trojan is a malicious computer program that hacks into a computer by pretending to be another piece of software. The name comes from the Trojan horse the Greeks used to infiltrate the city of Troy. The Trojan in question here is a Firefox extension that’s been spotted on compromised websites. When a user visits one of these websites, they’re asked to download the extension, which is misleadingly named HTML5 Encoding. The Trojan then downloads other malicious software, in this case one that creates a backdoor in the system, allowing it to report back on the activities of the computer. While this malware isn’t being spread by force, the Trojan has been spotted on numerous websites, including that of a Swiss security company.

ESET researchers realised this particular Firefox extension was downloading a backdoor known as Skipper, one commonly used by other Turla malware. However, unlike previous cyber espionage campaigns carried out by Turla, ESET believes this particular Trojan is just a test.

According to ESET, the malware in question uses a Bit.ly short URL that connects it to its C&C servers. Command and Control servers are what’s used to control malware or botnets, either run directly by the malware’s creators or running on compromised systems. The weird part is that this particular URL directs the Trojan to check the comments on a photo uploaded to Britney Spears’ Instagram and search for a comment with a hash value of 183 (hash values represent large amounts of data as much smaller numeric values). The researchers say that only one of the comments matches that value, and it contained hidden characters used to resolve the C&C domain, thus redirecting the malware so it could receive orders.
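As an added example (not code from ESET or from the original article), here is one way a defender could triage comment text for the kind of hidden characters described above. It assumes the hidden characters are invisible Unicode format code points (category Cf), which the article does not specify; the function names and the sample comments are constructed for illustration.

```python
import unicodedata

def _nearest_visible(text, i, step):
    """Walk from index i in direction step to the first non-format character."""
    j = i + step
    while 0 <= j < len(text) and unicodedata.category(text[j]) == "Cf":
        j += step
    return text[j] if 0 <= j < len(text) else ""

def hidden_chars(text):
    """Return (index, 'U+XXXX', name) for invisible format characters (Unicode
    category Cf, an assumption) whose nearest visible neighbour is ASCII.
    Joiners between two emoji or inside Persian/Indic words are normal and
    are not reported."""
    hits = []
    for i, ch in enumerate(text):
        if unicodedata.category(ch) != "Cf":
            continue
        neighbours = (_nearest_visible(text, i, -1), _nearest_visible(text, i, 1))
        if any(n and n.isascii() for n in neighbours):
            hits.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED")))
    return hits

def triage(comments, min_hits=2):
    """Flag (author, text) pairs carrying at least min_hits suspicious characters."""
    report = []
    for author, text in comments:
        hits = hidden_chars(text)
        if len(hits) >= min_hits:
            report.append({
                "author": author,
                "count": len(hits),
                "code_points": sorted({cp for _, cp, _ in hits}),
                # Escaped form makes the invisible characters reviewable in a ticket.
                "escaped": text.encode("unicode_escape").decode("ascii"),
            })
    return report

# Constructed sample comments (not taken from the real Instagram post).
SAMPLE = [
    ("user_a", "love this pic!! \U0001F468\u200d\U0001F469\u200d\U0001F467"),  # family emoji
    ("user_b", "so pre\u200dtty, gr\u200deat sh\u200dot #queen"),              # joiners in ASCII words
    ("user_c", "\u0633\u0644\u0627\u0645 \u0645\u06cc\u200c\u062e\u0648\u0627\u0647\u0645"),  # Persian ZWNJ
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Only the second sample comment is flagged; the emoji sequence and the Persian text use the same class of characters for legitimate rendering and pass through.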

This particular Firefox extension is quite intrusive, capable of letting Turla read a directory’s content, download and upload files from and to the C&C server, and execute files on the infected computer; these are very basic features compared to other backdoors. Still, it’s thankfully only been used about 17 times so far.


http://www.indiatimes.com/technology/news/a-russian-cyber-espionage-group-is-using-britney-spears-instagram-to-control-its-malware-323509.html
