My message to Russian hackers is this: LEAVE BRITNEY ALONE!
Russian hacking collective Turla has been targeting governments and military operations in the United States, Europe, Asia, and the Middle East for the past decade. Now, it appears that the group is targeting everyday citizens — specifically Britney Spears fans.
In the comments section of Spears' Instagram page, Turla posted strings of malware-activating code that looked like innocent comments. One comment in particular — as reported by security firm ESET — read "#2hot make loved to her, uupss HHot #X."
Fortunately, the malware was only effective through Firefox's full desktop web browser and if malicious extension "HTML5 Encoding 0.3.7" had previously been downloaded. The malicious comments have been removed, so Spears' Instagram should be safe again.
ESET reported that little damage was inflicted by the attack.
There were only 17 hits recorded on this link in February, right around the time the comment was posted. However, this is quite a low number and might indicate that it was only a test run … the next version of the extension – if there is one – is likely to be very different. There are several components that are used by the extension that will disappear in future versions of Firefox.
We asked our resident Instagram expert — Bettina Mangiaracina — for her take on the attack. She explained to Gadget Hacks that it didn't really surprise her. In fact, she thinks we should expect more just like it.
Britney's IG account gets thousands of comments per post. When you post a comment under one of Spears' posts, it's like an avalanche. Your post will be hidden under hundreds of other users. This makes Spears' and other celebrity accounts the perfect place to hide a comment full of malware-activating code. I wouldn't be surprised if we start seeing a lot more hackers using celebrity Instagram accounts to communicate between each other.
To avoid falling victim to a sophisticated attack like this, it is advised that you avoid installing software or opening files from unknown authors. If something seems sketchy, don't hesitate to search online to see if there's any information about its credibility. These guidelines should be followed on desktops and smartphones, as millions of people are affected by mobile attacks.
The question that's still on everyone's mind is: why Britney? Are the Russian hackers still upset about the tumultuous end to her relationship with Justin Timberlake? Did they attend her Vegas show and leave underwhelmed? Whatever the reason is, let's hope these hackers give Britney a break.
Oh... and if you're working from home these days, be sure to check out Gadget Hacks' Working-From-Home Essentials.