Russian government hackers apparently targeted pop diva Britney Spears’ Instagram account last February by hiding malware in the comment section.
Security researchers at Slovakian security firm ESET have been looking into Turla, a long-running hacking group believed to be linked to the Russian government that has targeted foreign governments, militaries, educational institutions and more.
And they found something pretty unusual, they wrote in a blog post: The malware has been receiving instructions via a seemingly innocuous comment on one of Britney Spears’ Instagram photos. (We heard about the malware via Engadget.)
In a now-deleted comment, user “asmith215” wrote “#2hot make loved to her, uupss #Hot #X.” Just nonsense spam, right? Nope. Hidden inside that message was a a string of characters — 2kdhuHX — that makes up part of a bit.ly link.
This link will connect it to its command-and-control (C&C) server — giving it instructions on what to do and retrieve stolen data.
— Business Insider (@businessinsider) June 8, 2017
ESET believes the hacking effort was just a test run, in part because the link was clicked on only a few times.
The moral of the story, of course, is to always be on guard while surfing the net — even while on social media platforms — and never, ever try to download random content from unknown links like “#2hot.”