Britney Spears was an unwitting victim of Russian hackers, and the pop star likely had no idea as their actions were carefully hidden. According to a report released this week from Slovakian security firm ESET (via Engadget), the hackers used Spears’ Instagram as a means to communicate utilizing malware.
As Engadget reports, among thousands of innocuous comments found on Instagram, there are some that contain covert malware instructions. ESET found that Turla, a Russian group ESET says has long targeted governments, government officials and diplomats, had posted a comment on one of Spears’ Instagram photos.
“We are aware of this activity and have taken action against the responsible account,” a rep for Instagram tells Rolling Stone while declining to provide further detail. A rep for Spears did not immediately reply to Rolling Stone‘s request for comment.
The hacker comment, which in the original post has since been deleted, was screen captured by ESET. It was posted in February. “#2hot make loved to her, uupss #Hot #X,” user asmith2155 wrote. While it looks like random spam, in this case it was a more sinister means to communicate with compromised computers. Hidden in that comment was a trackable hash that contained a string of characters – in this case 2kdhuHX – that correlated with a bit.ly link. That link would in turn connect to the malware’s command-and-control (C&C) server.
Due to the low number of hits on the bit.ly link, ESET surmised this particular comment was simply a test post. Spears and other high profile Instagram accounts with millions of followers make good places for these kinds of codes and messages to hide. Spears’ original post was made in January, a month before the malicious comment was made, so there were already a couple thousand comments in which that comment could be buried, making it more difficult for anti-hacking trackers to discover. Plus, as was done in this case, the comment is easy to delete, making it even harder to track when hackers’ malware communicate via Instagram comments.