
Oops, Turla did it again - hackers target Britney Spears' Instagram account

09 Jun 17

A backdoor trojan has been lurking in the comment sections of Britney Spears' Instagram posts and the hacking group Turla may be the culprit.

ESET has given details on Turla's 'watering hole' attacks, which target popular websites to reach as many people as they can.

The malware uses a JavaScript backdoor hidden behind a bit.ly link to reach its Command & Control (C&C) server.

That backdoor hides inside a Firefox extension which was distributed through a Swiss security website that had been compromised. Anyone who visited the website was asked to install the extension, putting together another piece of the puzzle for C&C communications.

In February the malware was spotted lurking in Britney Spears' Instagram posts, showing that Turla actors are experimenting with social media as a way to communicate with their C&C servers.

According to ESET, "The extension uses a bit.ly URL to reach its C&C, but the URL path is nowhere to be found in the extension code. In fact, it will obtain this path by using comments posted on a specific Instagram post. The one that was used in the analysed sample was a comment about a photo posted to the Britney Spears official Instagram account".

Behind the scenes, the extension scans photo comments and generates a hash value for each one; if a value matches a specific hash, the extension generates the bit.ly URL.

Luckily, bit.ly URLs have easily accessible tracking information, and ESET says there were only 17 clicks in February. ESET says the low number of clicks possibly indicates a test run of the backdoor.

For those trying to stop malicious attacks through the web, life has become harder because it's difficult to tell what traffic is genuine and what traffic is malicious.

It also gives Turla "more flexibility when it comes to changing the C&C address as well as erasing all traces of it. It is also interesting to see that they are recycling an old way of fingerprinting a victim and finding new ways to make the C&C retrieval a bit more difficult."
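
As an added example (not from ESET or the original article), the sketch below shows one way a defender could hunt in web proxy logs for the lookup pattern described above: a client fetches an Instagram page and, seconds later, requests a bit.ly URL with no Referer header. The log format, the 30-second window and every sample line are constructed assumptions, and seeing URLs and referers for HTTPS traffic assumes an inspecting proxy.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed log lines: time, client, method, URL, referer ("-" means none).
SAMPLE_LOG = """\
2017-02-10T09:00:01 10.0.0.5 GET https://www.instagram.com/p/EXAMPLE/ -
2017-02-10T09:00:03 10.0.0.5 GET https://bit.ly/EXAMPLE -
2017-02-10T09:05:00 10.0.0.7 GET https://www.instagram.com/p/EXAMPLE/ -
2017-02-10T09:05:40 10.0.0.7 GET https://bit.ly/OTHER https://www.instagram.com/p/EXAMPLE/
2017-02-10T09:10:00 10.0.0.9 GET https://bit.ly/THIRD -
2017-02-10T09:20:00 10.0.0.8 GET https://www.instagram.com/p/EXAMPLE/ -
2017-02-10T09:30:00 10.0.0.8 GET https://bit.ly/LATE -
"""

SOCIAL = {"instagram.com", "www.instagram.com"}
SHORTENERS = {"bit.ly"}
WINDOW = timedelta(seconds=30)  # assumed threshold, tune per environment


def parse(line):
    """Split one constructed log line into typed fields."""
    ts, client, _method, url, referer = line.split()
    return datetime.fromisoformat(ts), client, urlsplit(url).hostname, url, referer


def find_dead_drop_lookups(log_text, window=WINDOW):
    """Flag shortener requests with no Referer that closely follow a
    social-media fetch from the same client."""
    last_social = {}  # client -> time of its most recent social-media fetch
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, url, referer = parse(line)
        if host in SOCIAL:
            last_social[client] = ts
        elif host in SHORTENERS and referer == "-":
            seen = last_social.get(client)
            # A user clicking a link normally sends a Referer; a background
            # fetch by an extension may not, so only referer-less hits count.
            if seen is not None and ts - seen <= window:
                hits.append((client, url, (ts - seen).total_seconds()))
    return hits


if __name__ == "__main__":
    for client, url, gap in find_dead_drop_lookups(SAMPLE_LOG):
        print(f"{client} requested {url} {gap:.0f}s after a social-media fetch")
```

A hit is a lead for triage rather than proof of compromise, since legitimate software can produce the same sequence.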
