The messages contained in the comments of Britney Spears' Instagram account were used to compromise the computers of the people affected by the malware
The war between computer security "champions" and hackers is fought with strokes of genius, and only the side that manages to develop a system to deceive or block the other will win.
A group of Russian hackers known as Turla, responsible for numerous attacks on government institutions, chose social networks to "explain" to computers previously affected by malware where to download stolen data. The malicious code was contained within a Firefox extension. As explained by experts from ESET, a well-known company specializing in cybersecurity solutions, the messages were contained in comments posted on the official Instagram profile of the well-known American singer Britney Spears and were used to make the machines infected by the malware communicate.
The hackers' strategy
As ESET experts explain, the computer affected by the malware analyzed all the comments posted on the photos on the rock star's page, searching for the message containing the malicious code left by the Russian hacker group. Once found, what seemed to be harmless text turned out to be a link that directed the affected machine to the cyber criminals' servers.
It all started with a simple extension, supposedly meant to improve computer security, that was distributed through the website of a cybersecurity company the hackers had compromised.
The malware affected visitors to the compromised website, who were asked to install the malicious extension. In order to download the stolen data, the malware needed to read a URL that was contained not in the virus code but in the comments left by the hackers on Britney Spears' official profile.