Hackers have hidden nasty malware in a very peculiar place.
They booby-trapped Britney Spears’ Instagram account after conducting a sophisticated “watering hole” attack.
This sort of attack compromises websites likely to be visited by people the cyber criminals want to target.
It appears that Russian hackers linked to Vladimir Putin’s cyber intelligence unit are to blame, according to the researchers who discovered the malware.
The crooks carry out the scam by creating a fake Firefox browser plugin and trying to get people to download it from a reputable website.
Once downloaded, this plugin can monitor everything typed into the browser including your passwords, personal details, and banking logins.
The cyber-scammers are using links on Spears’ Instagram posts to command and control the malware.
Effectively, Spears’ Instagram posts are inadvertently helping them host a backdoor into people’s computers and phones.
It seems a strange and long-winded technique, but this makes it more difficult for people to shut down their scam.
The hackers can easily hide their work in plain sight, making it tougher to spot.
And it makes them a lot more difficult to trace.
Researchers at We Live Security said: “We noticed that this extension was distributed through a compromised Swiss security company website. Unsuspecting visitors to this website were asked to install this malicious extension.”
“The extension is a simple backdoor, but with an interesting way of fetching its C&C [command and control] domain.”
The plugin uses a certain URL to keep the malware online, but the researchers couldn’t find it anywhere in the malware code.
“In fact, it will obtain this path by using comments posted on a specific Instagram post,” they added.
“The one that was used in the analyzed sample was a comment on a photo posted to the Britney Spears official Instagram account.”