Pop stars tend to be very popular on Instagram, and that goes for Britney Spears as well. Her profile has over 16.9 million followers, and her posts are getting millions of views. When it comes to the comments on her pictures and videos, there are thousands upon thousands of them on everything she posts. In fact, some might say that there are so many of these comments, that even coded messages could be hidden among them. They might stay there for months, or even years without being discovered.
As ridiculous as that might sound, it’s exactly what one group of Russian-speaking hackers was doing. Eset’s researchers have discovered that hacker group called Turla, which deals in matters of espionage and has links to the Russian government, has been using Britney’s Instagram for their own purposes. Several of their comments were found on the pop star’s photos, and in them they posted links that are used for guiding malware to the group’s servers.
At the first glance, these comments don’t look like anything special, or even out of ordinary. They’re even filled with hashtags, as well as messy grammar, and they can even be pointless. In other words, they look exactly like all the other comments, and they pretty much don’t stand out in any way. However, Eset’s researchers claim that there’s more to these comments than can be seen.
They’re much more than just fan comments, as Eset has discovered. In fact, they are encoded web addresses, and they’re hiding short URLs that were made via Bit.ly service.
After the researchers followed the link hidden beneath one of the comments, they ended up on a site that was once used for the watering hole attack. This is the attack that’s targeting a specific group, and it does so by infecting websites that the said group might visit.
The question on many people’s minds is probably why would hackers do that? Why would they post encoded messages that are hiding links to websites used in earlier attacks in the comments of the music star? Well, the reason is the of the popularity of Instagram. Instagram is one of the biggest and most used social networks these days, and an insane amount of traffic flows through it every day. Most of it is a legitimate traffic, and it includes pictures, videos, and comments that users are posting and watching.
A place that lively and busy is the perfect location for conducting malware and giving it instructions, like where to go, or what to do. And the encoding only helps with making the comment legitimate and less suspicious. Also, even if their links are found, or comments deleted, hackers can simply create a new one, and once again it’ll be ages until it’s detected.