#Instagram britney spears install#
For this Trojan in particular, visitors who click will get taken to a site and asked to install the extension with the benign name “HTML5 Encoder.” If someone does in fact click on the link, they’ll be directed to the hacker group’s forum, which is where they actually infect innocent users. This infected comment on Spears’ post doesn’t look exactly normal, but most people probably would think it’s just spam - unless they clicked it. If the attackers want to create a new meetup location, all they have to do is delete the first infected comment, and infiltrate a new one with same hash value.
This way, in the chance their attack becomes compromised, the cybercriminals can ensure their C&C can be changed without having to change the malware. The shortened link resolves to a site that’s known to be a Turla watering hole. When the malware finds the comment it was told to look for, it converts it into this Bitly link. So how does Turla make this happen, exactly? Leveraging a recently discovered backdoor found in a fake Firefox extension, the cybercriminals instruct the malware to scroll through the comments on Spears’ photos and search for one that has a specific hash value.
As a matter of fact, they’re using her Instagram as a way to contact the malware’s command and control (C&C) server. A nasty piece of malware is currently being tested by a Russian hacking group named Turla, and its trial round has been conducted in an unexpected area of the internet - the comments section of Britney Spears’ Instagram.
0 kommentar(er)
