A Russian group of hackers has found a way to hide their espionage malware servers in the comments section of Instagram accounts. You would never have thought so, but the group of hackers has targeted governments around the world, hiding the malware nowhere else but in comments posted on Britney Spears’ Instagram account.
A report released by IT security firm ESET Security outlined instances of malware hidden among the over 7,000 comments that were posted on an image uploaded by Britney Spears to her Instagram account. These otherwise spam-looking comments are hideouts that the espionage malware uses to locate the control server, which sends instructions. Through this control server, the malicious program drops stolen data to and from infected computers.
Per ESET’s report, a Russian-speaking hacking group known as Turla placed the malware in a Firefox extension called HTML Encoding 0.3.7. The web-browser extension appears to be an essential security tool, but it masquerades a Trojan program within. Turla is known for programming espionage malware and has reportedly been troubling Russian governments for over two decades now.
So, how does the malware function? Basically, if you have the aforementioned Firefox extension installed, you will be brought to Britney’s Instagram photo post. This is when the malware scans the comments and computes a unique hash value for each. Once it matches a value that totals up to 183, the comment is converted into a bit.ly URL. From here the server can take control of the computer and turn the device into part of a botnet.
ESET found the Firefox extension being spread through the website of an undisclosed security firm based in Switzerland. Researchers speculate the extension is an update to a previous one dubbed Pacifier by Bitdefender. The good thing is that ESET believes Turla might just be running a tryout, and no significant loss has taken place due to the espionage malware yet. Chances are that, since the information is out in the open, Turla may give up on the hidden Firefox extension.