Britney Spears’ Instagram Photo Hid a Russian Malware Link in Comments

Instagram is a very popular social networking app that allows users to share pictures and videos either publicly or privately. Recently, ESET security researchers found a new kind of malware that uses Instagram to connect to its controllers. They said the encoded command was masquerading as a normal comment, tucked in plain sight among other comments on a Britney Spears Instagram photo.

About the Comment Posting:

The comment was posted by an account named asmith2155, which had no posts or followers and is now deactivated. It hid a Web address to be deciphered step by step by the actual malware, which involves a Firefox extension and a JavaScript-based backdoor. The operation is believed to be the work of a Russian group named Turla, which is known to operate a larger cyber espionage network.

What Happened Actually?

In this case, the malware went through all of the comments on Spears’ Instagram photo and computed a number, or a “hash,” for each one, while it looked for a specific hash. When it found the comment with the right hash, it would check it for particular characters, grab the letters that came after those characters and turn them into a link. That link would then let the malware connect to its controllers. Such a method allows the controllers to change where they meet up with the malware without having to change the malware itself.
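For defenders reviewing scraped comments, the marker-and-following-letter scheme described above can be triaged with a short script. This is an added example, not code from ESET or from the malware; it assumes the "particular characters" are invisible Unicode format characters such as the zero-width joiner (the article does not name them), and the account names and comments are constructed. The hash step is left out because the article does not give the hash function.

```python
import unicodedata


def is_invisible(ch):
    """True for Unicode 'format' (Cf) characters, which render as nothing."""
    return unicodedata.category(ch) == "Cf"


def invisible_markers(text):
    """Return (index, character name) for every invisible character in text."""
    return [(i, unicodedata.name(ch, f"U+{ord(ch):04X}"))
            for i, ch in enumerate(text) if is_invisible(ch)]


def hidden_string(text):
    """Join the visible character that directly follows each invisible marker."""
    out = []
    for i, _ in invisible_markers(text):
        if i + 1 < len(text) and not is_invisible(text[i + 1]):
            out.append(text[i + 1])
    return "".join(out)


def triage(comments):
    """Return one finding per comment that carries invisible markers."""
    findings = []
    for author, text in comments:
        marks = invisible_markers(text)
        if marks:
            findings.append({
                "author": author,
                "marker_count": len(marks),
                "markers": sorted({name for _, name in marks}),
                "recovered": hidden_string(text),
                "visible": "".join(c for c in text if not is_invisible(c)),
            })
    return findings


ZWJ = "\u200d"  # assumed marker character (zero-width joiner)
# Constructed sample data: the second comment hides "c2.e" behind markers.
SAMPLE = [
    ("fan_account_1", "love this photo!!"),
    ("example_user", f"so {ZWJ}cool, {ZWJ}2 much {ZWJ}.fun {ZWJ}example"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Emoji sequences legitimately contain zero-width joiners, so a hit is a lead for review rather than a verdict; the recovered string and marker count help separate the two.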

Researchers said:

“Instead of giving the malware a specific key to a specific lock, programmers told the malware how to find places where keys would be hidden, leaving them free to change either lock or key on a whim.”

