Russian hackers are hiding malicious code in plain sight — on Britney Spears' Instagram

Source: REDPIXEL.PL/Tinseltown

Oops, Russians did it again.

Turla, a notorious Russian-speaking hacking collective, hid the URL of its control server in comments on Britney Spears' Instagram, as detailed in a new report from antivirus providers on WeLiveSecurity.

"It's akin to storing or hiding instructions in plain sight," Whitney Merrill, infosec attorney and technologist, said in an email. "It reminds me of spy movies where the spy is supposed to look for particular words or phrases in a publicly published newspaper to receive a message and know how to act."

You can read about the hackers' full process here. A brief explanation: The JavaScript backdoor — actually a Firefox extension — scanned and hashed all of the comments on Britney's Instagram post until it detected one with a certain value, which then fetched the domain of the control server that moves stolen information to and from compromised computers.

In this case, the value was 183. The comment was "#2hot make loved to her, uupss #Hot #X." The photo:

A photo posted by (@) on

"We are aware of this activity and have taken action against the responsible accounts," an Instagram spokesperson said in an email to Mic.

This method isn't exactly concealing malware, but rather obfuscating the URL that ultimately communicates with the infected internet-connected devices. Merrill noted that it's a slick way to hide the instructions from static analysis — a type of debugging program that examines code without actually executing it.

"This particular use of Britney's Instagram account is clever," Merrill said. "I haven't seen it before. But I wouldn't be surprised if other pieces of malware are using a similar tactic."

Can't we just... leave Britney alone?

June 7, 2017, 1:10 p.m.: This story has been updated.

How likely are you to make Mic your go-to news source?

Melanie Ehrenkranz

Melanie is a writer covering technology and the future. She can be reached at melanie@mic.com.

MORE FROM

How to use the Snapchat Map while everyone else continues to be confused about it

Everything you need to know about the new feature.

Planet 10? Scientists may have discovered a hidden planet in our solar system

There could be a ninth — or even 10th — planet hiding out in our solar system.

Scientists created a robot that will iron your clothes for you

Shut up and take my money.

Moth eyes have inspired the touchscreen of the future

It's going to change the anti-reflection game.

Twitter was flagging tweets including the word "queer" as potentially "offensive content"

Why Twitter put the word "queer" in the same category as violent, sexual imagery.

How Mark Zuckerberg wants to transform society through Facebook Groups

Facebook has a new mission.

How to use the Snapchat Map while everyone else continues to be confused about it

Everything you need to know about the new feature.

Planet 10? Scientists may have discovered a hidden planet in our solar system

There could be a ninth — or even 10th — planet hiding out in our solar system.

Scientists created a robot that will iron your clothes for you

Shut up and take my money.

Moth eyes have inspired the touchscreen of the future

It's going to change the anti-reflection game.

Twitter was flagging tweets including the word "queer" as potentially "offensive content"

Why Twitter put the word "queer" in the same category as violent, sexual imagery.

How Mark Zuckerberg wants to transform society through Facebook Groups

Facebook has a new mission.