Britney Spears’ Instagram account has been used by cybercriminals to co-ordinate attacks by posting comments about the singer’s images on the photo-sharing application.
The discovery was made by security firm Eset, which found the comments were used by the gang to control its malware called ‘Turla’.
In a post outlining the findings, Eset research Jean-Ian Boutin said that Turla had been active since 2014 and has been targeting governments, government officials and diplomats since.
The command and control (C&C) channel set up between the criminal creators of the extension and the victims’ hardware was on the international star’s Instagram page. The use of this tactic presents difficulties for ‘defenders’.
“Firstly, it is difficult to distinguish malicious traffic to social media from legitimate traffic,” said Boutin. “Secondly, it gives the attackers more flexibility when it comes to changing the C&C address as well as erasing all traces of it. It is also interesting to see that they are recycling an old way of fingerprinting a victim and finding new ways to make the C&C retrieval a bit more difficult.”