FutureFive New Zealand - Consumer technology news & reviews from the future
New Zealand
Guides
#
drones
#
gaming
#
reviews
#
smartphones
#
virtual reality
Search
Story image
#
Cybersecurity
#
Malware
#
CIOs
Oops, Turla did it again - hackers target Britney Spears' Instagram account
Fri, 9th Jun 2017
FYI, this story is more than a year old
Author image
By Sara Barker, Copywriter and Senior News Editor
Follow us

A backdoor trojan has been lurking in the comment sections of Britney Spears' Instagram posts and the hacking group Turla may be the culprit.

ESET has given details on Turla's 'watering hole' attacks, which targets popular websites to grab as many people as it can.

The malware uses a JavaScript backdoor hidden behind a bit.ly link to reach its Command - Control (C-C) server.

That backdoor hides inside Firefox extension which was distributed through a Swiss security website that had been compromised. Anyone who visited the website was asked to install the extension, putting together another piece of the puzzle for C-C communications.

In Febuary the malware was spotted lurking in Britney Spears Instagram posts, showing that Turla actors are experimenting with social media as a way to communicate with its C-C servers.

According to ESET, "The extension uses a bit.ly URL to reach its C-C, but the URL path is nowhere to be found in the extension code. In fact, it will obtain this path by using comments posted on a specific Instagram post. The one that was used in the analysed sample was a comment about a photo posted to the Britney Spears official Instagram account".

Behind the scenes, the extension scans photo comments and generates hash values that, if matched to a specific hash, generates the bit.ly url.

Luckily bit.ly URLs have easily accessible tracking information, and ESET says there were only 17 clicks in February. ESET says the low number of clicks possibly indicates a test run of the backdoor.

For those trying to stop malicious attacks through the web, life has become harder because it's difficult to tell what traffic is genuine and what traffic is malicious.

It also gives Turla "more flexibility when it comes to changing the C-C address as well as erasing all traces of it. It is also interesting to see that they are recycling an old way of fingerprinting a victim and finding new ways to make the C-C retrieval a bit more difficult."

Related stories
Watch out! There are hidden dangers lurking in your PDFs
Review: Avast Ultimate Business Security - comprehensive to say the least
One wrong click can devastate your small business: so what can you do?
AI foundries & digital factories will change humankind, NVIDIA CEO says
Hands-on review: 2TB WD_Black SN770M NVMe M.2 2230 SSD
Top stories
Samsung unveils 2024 TV range, with AI-driven picture technology
AI is here to stay - share market fads versus trends
Game review: Children of the Sun (PC)
TVNZ launches innovative sports streaming service with MediaKind & Qibb
Sony launches ULT Power Sound series with artist Peso Pluma