Oops, Turla did it again - hackers target Britney Spears' Instagram account

09 Jun 17

A backdoor trojan has been lurking in the comment sections of Britney Spears' Instagram posts and the hacking group Turla may be the culprit.

ESET has given details on Turla's 'watering hole' attacks, which target popular websites to catch as many visitors as they can.

The malware uses a JavaScript backdoor hidden behind a bit.ly link to reach its Command & Control (C&C) server.

That backdoor hides inside a Firefox extension, which was distributed through a Swiss security website that had been compromised. Anyone who visited the website was asked to install the extension, which supplies another piece of the puzzle for C&C communications.

In February the malware was spotted lurking in Britney Spears' Instagram posts, showing that Turla actors are experimenting with social media as a way to communicate with their C&C servers.

According to ESET, "The extension uses a bit.ly URL to reach its C&C, but the URL path is nowhere to be found in the extension code. In fact, it will obtain this path by using comments posted on a specific Instagram post. The one that was used in the analysed sample was a comment about a photo posted to the Britney Spears official Instagram account".

Behind the scenes, the extension scans the photo's comments and computes a hash value for each one; if a comment's hash matches a specific value, the extension generates the bit.ly URL.

Luckily, bit.ly URLs have easily accessible tracking information, and ESET says there were only 17 clicks in February. ESET says the low number of clicks possibly indicates a test run of the backdoor.

For those trying to stop malicious attacks through the web, life has become harder because it's difficult to tell what traffic is genuine and what traffic is malicious.

It also gives Turla "more flexibility when it comes to changing the C&C address as well as erasing all traces of it. It is also interesting to see that they are recycling an old way of fingerprinting a victim and finding new ways to make the C&C retrieval a bit more difficult."
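
A defender-side hunting sketch for the pattern described above, in which a client fetches an Instagram post and then follows a bit.ly link to a further host. It is an added example, not taken from ESET's report; the log format, host names, paths and 30-second window are assumptions. Ordinary browsing can produce the same sequence, so a match is a lead for triage rather than a verdict.

```python
from datetime import datetime, timedelta

# Constructed proxy log lines: time, client, host, path (not real traffic).
SAMPLE_LOG = """\
2017-02-06T09:00:01 ws-014 www.instagram.com /p/EXAMPLEPOST/
2017-02-06T09:00:03 ws-014 bit.ly /EXAMPLE1
2017-02-06T09:00:04 ws-014 cnc.example.net /index
2017-02-06T09:05:00 ws-022 www.instagram.com /p/OTHERPOST/
2017-02-06T09:40:00 ws-022 bit.ly /EXAMPLE2
2017-02-06T09:41:00 ws-031 bit.ly /EXAMPLE3
"""

SOCIAL = {"www.instagram.com", "instagram.com"}
SHORTENERS = {"bit.ly"}


def parse(log):
    """Yield (time, client, host, path) tuples from the assumed log format."""
    for line in log.splitlines():
        ts, client, host, path = line.split()
        yield datetime.fromisoformat(ts), client, host, path


def find_dead_drop_chains(log, window=timedelta(seconds=30)):
    """Return (client, post_path, short_url, next_host) for each chain of
    social post -> shortener -> other host seen from one client in `window`."""
    last_post = {}  # client -> (time, path) of its latest social post fetch
    pending = {}    # client -> (time, post_path, short_url) awaiting next host
    hits = []
    for ts, client, host, path in sorted(parse(log)):
        if host in SOCIAL and path.startswith("/p/"):
            last_post[client] = (ts, path)
        elif host in SHORTENERS:
            seen = last_post.get(client)
            if seen and ts - seen[0] <= window:
                pending[client] = (ts, seen[1], host + path)
        elif client in pending:
            t0, post, short = pending.pop(client)
            if ts - t0 <= window:
                hits.append((client, post, short, host))
    return hits


if __name__ == "__main__":
    for hit in find_dead_drop_chains(SAMPLE_LOG):
        print("review:", hit)
```
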