Oops, Russians did it again.
Turla, a notorious Russian-speaking hacking collective, hid the URL of its control server in comments on Britney Spears' Instagram, as detailed in a new report from antivirus providers on WeLiveSecurity.
"It's akin to storing or hiding instructions in plain sight," Whitney Merrill, infosec attorney and technologist, said in an email. "It reminds me of spy movies where the spy is supposed to look for particular words or phrases in a publicly published newspaper to receive a message and know how to act."
In this case, the value was 183. The comment was "#2hot make loved to her, uupss #Hot #X." The photo:
"We are aware of this activity and have taken action against the responsible accounts," an Instagram spokesperson said in an email to Mic.
This method isn't exactly concealing malware, but rather obfuscating the URL that ultimately communicates with the infected internet-connected devices. Merrill noted that it's a slick way to hide the instructions from static analysis — a type of debugging program that examines code without actually executing it.
"This particular use of Britney's Instagram account is clever," Merrill said. "I haven't seen it before. But I wouldn't be surprised if other pieces of malware are using a similar tactic."
Can't we just... leave Britney alone?
June 7, 2017, 1:10 p.m.: This story has been updated.