Britney Spears’ Instagram account has been used by cybercriminals to co-ordinate attacks by posting comments about the singer’s images on the photo-sharing application.

The discovery was made by security firm Eset, which found the comments were used by the gang to control its malware called ‘Turla’.

In a post outlining the findings, Eset research Jean-Ian Boutin said that Turla had been active since 2014 and has been targeting governments, government officials and diplomats since.

One instance of cybercrime using Turla came in the form of a Firefox extension. This extension was distributed through a compromised unnamed Swiss security company website. Visitors to the website were asked to install the malicious Firefox extension, which was in fact a JavaScript backdoor.

The command and control (C&C) channel set up between the criminal creators of the extension and the victims’ hardware was on the international star’s Instagram page. The use of this tactic presents difficulties for ‘defenders’.

“Firstly, it is difficult to distinguish malicious traffic to social media from legitimate traffic,” said Boutin. “Secondly, it gives the attackers more flexibility when it comes to changing the C&C address as well as erasing all traces of it. It is also interesting to see that they are recycling an old way of fingerprinting a victim and finding new ways to make the C&C retrieval a bit more difficult.”