Cyber-thieves have used the comments section of Britney Spears’ Instagram account to orchestrate attacks.

Security firm Eset detected the malware dubbed Turla which was spread by the cyber-gang and found in the comments about images in the singer’s gallery.

The Malware Turla

The comments were likely spam but as soon as they get transformed by a code in the virus when users fell for the clickbaits, they get directed to other sites.

Not only did Britney Spears’ Instagram account have the malware, but also multiple comprised websites have it in order to track victims.

The malware Turla has been active since 2014 and attempted to attack government workers, diplomats and other officials, said Eset researcher Jean-Ian Boutin. It was thought to be orchestrated by a hacker group serving the Russia.

Apparently, he said, those who developed Turla used compromised websites that would facilitate the hacking operations.

A compromised website asked users to install a booby-trapped extension for the Firefox web browser.

Digital detective work

Digital detective work by Mr.Boutin said that the command and control (C&C) channel developed by the creators of the extension and victims’ systems was on the singer’s Instagram page.

The ill extension looked for comments that, when they get digitally transformed, they meet a certain value. These were then transformed into a website address that the compromised machine hit to report in or to develop the malicious code they had.

Some comments posted to the Instagram account had much to tell about the key characteristics, meaning that Turla’s developers were examining or treating the control system.

Mr.Boutin said people who exploit social media in such ill manners make ”life harder for defenders”.

“Firstly, it is difficult to distinguish malicious traffic to social media from legitimate traffic.” he wrote. “Secondly, it gives the attackers more flexibility when it comes to changing the C&C address as well as erasing all traces of it.”