Jump directly to the content
OOPS I DID IT AGAIN

Russian hackers use sexy Britney Spears pictures to hide nasty malware which could empty your back account

Sultry snaps of the sexy pop star have been hijacked by crooks to spread a virus which could suck you into a world of pain

HACKERS have hidden nasty malware in a very peculiar place.

They have booby-trapped Britney Spear's Instagram account after conducting a sophisticated "watering hole" attack.

A comment on this Britney Spear pic has been linked to nasty malware
4
A comment on this Britney Spear pic has been linked to nasty malware

This sort of attack compromises websites likely to be visited by people the cyber-crims want to target.

It appears that Russian hackers linked to Putin's cyber intelligence unit are to blame, .

The crooks carry out the scam by creating a fake Firefox browser plugin and trying to get people to download it from a reputable website.

Britney Spears has been targeted by Russian hackers
4
Britney Spears has been targeted by Russian hackersCredit: Instagram

Once downloaded, this plugin can monitor everything typed into the browser including your passwords, personal details and banking logins.

The cyber-scammers are using links on Britney's snaps to control and command the malware.

Effectively, Britney's snaps are inadvertently helping them host a backdoor into people's computers and phones.

It seems a strange and long-winded technique, but this makes it more difficult for people to shut down their scam.

The hackers can easily hide their work in plain sight, making it tougher to spot.

Britney has a 16.9 million strong following on her Instagram account
4
Britney has a 16.9 million strong following on her Instagram account
Here is the extension or plugin which is actually malicious software
4
Here is the extension or plugin which is actually malicious software

And it makes them a lot more difficult to trace.

Researchers at We Live Security said: "We noticed that this extension was distributed through a compromised Swiss security company website. Unsuspecting visitors to this website were asked to install this malicious extension.

"The extension is a simple backdoor, but with an interesting way of fetching its C&C [control and command] domain."

The plugin uses a certain URL to keep the malware online but the researchers couldn't find it anywhere in the malware code.

"In fact, it will obtain this path by using comments posted on a specific Instagram post," they added.

"The one that was used in the analysed sample was a comment on a photo posted to the Britney Spears official Instagram account," they added.


We pay for your stories! Do you have a story for The Sun Online news team? Email us at tips@the-sun.co.uk or call 0207 782 4368

 

Topics
YOU MIGHT LIKE
RECOMMENDED FOR YOU
MORE FOR YOU