
Oops, Turla did it again - hackers target Britney Spears' Instagram account

09 Jun 2017

A backdoor trojan has been lurking in the comment sections of Britney Spears' Instagram posts and the hacking group Turla may be the culprit.

ESET has given details on Turla's 'watering hole' attacks, which target popular websites to catch as many visitors as they can.

The malware uses a JavaScript backdoor hidden behind a bit.ly link to reach its Command & Control (C&C) server.

That backdoor hides inside a Firefox extension which was distributed through a Swiss security website that had been compromised. Anyone who visited the website was asked to install the extension, putting together another piece of the puzzle for C&C communications.

In February the malware was spotted lurking in Britney Spears' Instagram posts, showing that Turla actors are experimenting with social media as a way to communicate with their C&C servers.

According to ESET, "The extension uses a bit.ly URL to reach its C&C, but the URL path is nowhere to be found in the extension code. In fact, it will obtain this path by using comments posted on a specific Instagram post. The one that was used in the analysed sample was a comment about a photo posted to the Britney Spears official Instagram account".

Behind the scenes, the extension scans photo comments and generates a hash value for each one; if a comment's hash matches a specific value, the extension generates the bit.ly URL.

Luckily bit.ly URLs have easily accessible tracking information, and ESET says there were only 17 clicks in February. ESET says the low number of clicks possibly indicates a test run of the backdoor.

For those trying to stop malicious attacks through the web, life has become harder because it's difficult to tell what traffic is genuine and what traffic is malicious.

It also gives Turla "more flexibility when it comes to changing the C&C address as well as erasing all traces of it. It is also interesting to see that they are recycling an old way of fingerprinting a victim and finding new ways to make the C&C retrieval a bit more difficult."
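The sequence described above (a client reads an Instagram post, then follows a bit.ly link to the C&C) can be hunted for in web proxy logs. The sketch below is an added example, not ESET's code or anything from the original article; the log layout, hostnames, allowlist and time window are all assumptions, and it presumes a proxy that records redirect targets.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy records (not real telemetry):
# (time, client, requested URL, Location header of the response, if any)
SAMPLE_LOG = [
    ("2017-02-07T10:00:01", "10.0.0.5", "https://www.instagram.com/p/EXAMPLEPOST/", ""),
    ("2017-02-07T10:00:03", "10.0.0.5", "https://bit.ly/EXAMPLE1", "https://c2.example.net/gate"),
    ("2017-02-07T10:05:00", "10.0.0.9", "https://www.instagram.com/p/OTHERPOST/", ""),
    ("2017-02-07T10:05:04", "10.0.0.9", "https://bit.ly/EXAMPLE2", "https://www.youtube.com/watch"),
    ("2017-02-07T11:00:00", "10.0.0.7", "https://bit.ly/EXAMPLE3", "https://c2.example.net/gate"),
]

# Assumed allowlist of redirect destinations the organisation already trusts.
KNOWN_DESTINATIONS = {"www.youtube.com", "www.instagram.com"}


def _host(url):
    return (urlsplit(url).hostname or "").lower()


def find_dead_drop_sequences(log, window_seconds=30, known=KNOWN_DESTINATIONS):
    """Return (client, post URL, short URL, destination host) for every client that
    fetched an Instagram post and, within the window, followed a bit.ly link that
    redirected to a host outside the allowlist."""
    last_post = {}  # client -> (time of fetch, post URL)
    hits = []
    for ts, client, url, location in sorted(log):  # ISO timestamps sort correctly
        when = datetime.fromisoformat(ts)
        host = _host(url)
        if (host == "instagram.com" or host.endswith(".instagram.com")) \
                and urlsplit(url).path.startswith("/p/"):
            last_post[client] = (when, url)
        elif host == "bit.ly" and client in last_post:
            seen, post = last_post[client]
            dest = _host(location)
            in_window = when - seen <= timedelta(seconds=window_seconds)
            if in_window and dest and dest not in known:
                hits.append((client, post, url, dest))
    return hits


if __name__ == "__main__":
    for hit in find_dead_drop_sequences(SAMPLE_LOG):
        print(hit)
```

Ordinary users follow shortened links from Instagram all the time, so matches are leads for further investigation rather than verdicts.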
