How Britney Spears's Instagram Became Part Of A Malware Attack

Celebrity Instagram accounts are prey to all manner of bizarre comments that, strange as they may be ("LBs" and posts about shopping discounts included), are usually harmless. But this was not the case for Britney Spears, whose account recently and unwittingly became part of a malware attack.
As reported by Popular Mechanics, one now-deleted comment, added to a photo posted by Spears in January, was from the user asmith2155 (who is nonexistent on Instagram). It read: "#2hot make loved to her, uupss #Hot #X."

To most people, this looks like the random nonsense that's standard fare for celebrity accounts. In reality, it was a hidden web address connected to malware. According to a report published this week by IT security firm ESET, the comment came from a cyber espionage group with malware known as Turla. The group has been suspected of having ties to the Russian state, and usually targets governments and diplomats.
The way the malware works through the Instagram comment is complicated and involves multiple steps.
"You first have to be infected with a particular Firefox add-on," Marcus Moreno, a supervisor of threat research at cybersecurity company Webroot, told Refinery29. "Once infected with the add-on, the user will have to view the Britney Spears Instagram photo comments. There, the '#2hot' comment left by a particular user will get interpreted [by the Firefox add-on] into a bit.ly link."
Finally, that link connects back to the group's server, completing the attack. While it's concerning to see the malware hidden on Instagram, your chances of being affected by such an attack are low.
"The odds of a user using Firefox that has the malicious add-on and then visiting that photo are very slim," Moreno said. "Instagram is primarily used on mobile devices and the comment can’t be interpreted to perform the malicious act when viewing the photo and comments by a mobile device."
Still, ESET advises that you keep web browsers and plugins updated, and avoid downloading any plugins that look questionable. After all, there are Toxic forces at work.