Malware News Russian State Hackers Use Britney Spears Instagram Posts to Control Malware

Solarquest

Jul 22, 2014
2,525
A cyber-espionage group known as Turla — believed to be the cyber-arm of Russian intelligence — has been playing around with a backdoor trojan disguised as a Firefox extension that uses comments on Britney Spears Instagram photos to store the location of its command and control (C&C) server.

Discovered in a recent distribution campaign by ESET researchers, this Firefox extension is part of a larger arsenal of hacking tools used by the Turla APT.

The group's primary mode of operation is via compromised sites that load malicious code that forcibly downloads and executes malicious files on the user's computer. This type of attack is known as a drive-by download and is used by exploit kits, malvertising campaigns, and cyber-espionage units.

Firefox extension distributed via hacked Swiss site
The Firefox extension is not installed by force, but researchers have seen it on the compromised site of a Swiss security company.

Visitors of this site were asked to install the extension, called HTML5 Encoding. ESET says this is a simple JavaScript-based backdoor that reports the user's activity back to its operators.
....
 

onreact

May 3, 2017
30
This is so bizarre it's already ludicrous.

I would say fake news if it was not the usually reliable source.

Have you checked whether it's not a hoax?
 

Parsh

Dec 27, 2016
1,480
If this is true, this is just another indicator as to why not to rely on basic defence practices ONLY.
Though the 'firsthand' users affected by the bait should mostly be business users (potential and current clients or partners of the security firm), "relying on basic protection programs only, like WD, just because one follows safe habits" won't work out always. Safe habits too may get one deceived in such cases.
Attack vectors are not just getting technically complex and novel, but psychologically too, through legal and illegal means both.
What about the folks who're going to click on those comments storing the C&C server :eek:?
 
