Oops, Turla did it again - hackers target Britney Spears' Instagram account

09 Jun 17

A backdoor trojan has been lurking in the comment sections of Britney Spears' Instagram posts and the hacking group Turla may be the culprit.

ESET has given details on Turla's 'watering hole' attacks, which target popular websites to catch as many visitors as they can.

The malware uses a JavaScript backdoor hidden behind a bit.ly link to reach its Command & Control (C&C) server.

That backdoor hides inside a Firefox extension, which was distributed through a Swiss security website that had been compromised. Anyone who visited the website was asked to install the extension, putting together another piece of the puzzle for C&C communications.

In February the malware was spotted lurking in Britney Spears' Instagram posts, showing that Turla actors are experimenting with social media as a way to communicate with their C&C servers.

According to ESET, "The extension uses a bit.ly URL to reach its C&C, but the URL path is nowhere to be found in the extension code. In fact, it will obtain this path by using comments posted on a specific Instagram post. The one that was used in the analysed sample was a comment about a photo posted to the Britney Spears official Instagram account".

Behind the scenes, the extension scans the photo's comments and computes a hash value for each one. When a comment's hash matches a specific value, the extension generates the bit.ly URL.

Luckily bit.ly URLs have easily accessible tracking information, and ESET says there were only 17 clicks in February. ESET says the low number of clicks possibly indicates a test run of the backdoor.

For those trying to stop malicious attacks through the web, life has become harder because it's difficult to tell what traffic is genuine and what traffic is malicious.

Using social media this way also gives Turla "more flexibility when it comes to changing the C&C address as well as erasing all traces of it. It is also interesting to see that they are recycling an old way of fingerprinting a victim and finding new ways to make the C&C retrieval a bit more difficult."
