Turns out alleged Russian hackers have an affinity for American pop culture, particularly pop princess Britney Spears. But they’re not listening to her hit record, “Baby One More Time.” They’re actually leveraging her Instagram account to further the distribution of malware.
According to a recent ZDNet article, researchers at ESET found that the hacking group Turla is leveraging a backdoor discovered in a fake Firefox extension. This allows hackers to post comments on social media sites, like Britney Spears’ Instagram account, that act as markers for malware looking to locate a roving command server. That command server then tells the malware where to deliver ransomware or to steal passwords.
While this is not the first time this method has been used, it highlights the ingenuity of these hackers. The malware looks for planted social media comments and converts them into cryptographic hashes, from which the current address of the command server can be located. Researchers have noted that this method of hacking is particularly difficult to identify because it blends in with mainstream traffic. It also allows hackers to change the address of the command server quickly to avoid detection.
Want all the details on this latest attack? Read the full article on ZDNet.