Have Hackers Been Using Your Favorite Celebrity To Spread Malware?

The offending Instagram comment, via ESET

When celebrities like Kim Kardashian, Justin Bieber or Rihanna post to social media, they’re immediately bombarded with comments. Taylor Swift can rack up thousands of comments and likes in just a few minutes. But what’s lurking in those comments could be making the world less secure.

Analysis of a new malware program by ESET found that some malware is using Instagram comments as a way to phone home. The Turla malware was looking at a specific comment on Britney Spears’ Instagram account for directions on how to spread.

See, malware is often made to be as small as possible, allowing it to quickly be installed whenever a weakness is exploited. To keep the size down, most malware reaches out to a server for further instructions once it’s installed on the target systems.

However, by monitoring installed software for links to suspicious sites, smart software can keep malware from doing any damage. But Turla doesn’t point anywhere suspicious. Instead, it points to an innocuous Instagram post.

There, the malware is supposed to look for a comment with a specific hash value — basically, a comment that, when run through an algorithm, results in a specific value. The comment, which reads “#2hot make loved to her, uupss #Hot #X”, doesn’t look too out of place on a celebrity post.

But that “uupss” and the “#X” help the string of characters reach the right hash value. Once it has the right hash value, it runs the comment through another algorithm that results in a URL, which then lets the malware connect with a server under the hacker’s control.

The genius of this malware attack is that by using a celebrity account, it is able to hide directions in plain sight.

So many people comment on a post that no one is going through and blocking or reporting suspicious activity. That means one Instagram account can post on multiple celebrity statuses with directions for various forms of attacks. Plus, navigating to Instagram isn’t going to alert any malware-spotting software.

Private citizens don’t have much to worry about here though. The URL this attack pointed to only received 17 clicks since the comment was posted, and the Turla attack was mostly aimed at embassy workers. And now that the attack vector is known, anti-malware programs will be on the lookout for similar attacks to keep users safe.

Gabe Turner

Gabe Turner is an attorney and journalist with a passion for home tech and secure, efficient living. Since graduating from NYU Law, he has maintained a paradoxical existence of trying to live life adventurously while remaining staunchly risk-averse. He is torn by the dual desires of wanting to only be in Brooklyn writing about housing policy and smart home tech and aspiring to visit his friends scattered across the globe. Gabe believes that stable, safe communities are the cornerstone to a vibrant and healthy society, and it is this passion that brought him to contribute to Security Baron.
