Instagram Account of Britney Spears Used in Cyber Attack
A cybercrime group called Turla, which is supposed to be the cyber-arm of Russian Intelligence, has been playing around with a backdoor Trojan disguised as a Firefox extension that uses comments on Britney Spears' Instagram pictures to store the location of its Command and Control (C&C) server.
Researchers at antivirus provider ESET published a report on Tuesday stating that a recently exposed backdoor Trojan used comments posted on Britney Spears' official Instagram account to locate the control server that sends instructions to infected computers and receives the data stolen from them.
ESET researchers discovered the Firefox extension in a recent distribution campaign; it is part of a larger arsenal of hacking tools used by the Turla APT. ESET discovered the exploit, and Bleeping Computer, which learned of it, reported that the Firefox extension was distributed from the compromised site of a Swiss security company. The plug-in carries the harmless-sounding name HTML5 Encoding.
The comments contain a hashtag that resolves to a URL pointing to the C&C server. ESET thinks the Trojan was part of a test, because it used a URL shortener that makes it easy to count the number of clicks.
ESET said that its researchers discovered a Firefox browser extension that masqueraded as a security feature. It gave outside parties the means to take complete control of an infected computer behind the scenes. Arstechnica.com reported on 6th June 2017 that, to stay quiet, the extension used programming tricks, including regular expressions and the calculation of cryptographic hashes, to find the control server to which the data was to be sent.
Apart from the shrewdness of using Britney Spears in this way, there are some lessons for us to learn. Locking down the ability of browsers to add third-party plug-ins is a good start, and it is also important to observe outbound network traffic and look for abnormalities. Your security team finally has a reason to carefully monitor Spears' Instagram account for hidden backdoors. ESET researchers observed that Firefox developers are in the process of re-architecting the browser in such a way that it will no longer permit the Turla extension to work.
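One way to act on the advice about locking down third-party plug-ins is to audit what is already installed. The following is an added example, not code from ESET or from the original article: it checks the add-on list in a Firefox profile's extensions.json against an approved list. The sample data, the extension ids and the allowlist are constructed, and the reading of the signedState values is an assumption.

```python
import json

# Constructed sample of a Firefox profile's extensions.json (not real data).
# Field names follow the profile file; every id and value here is made up.
SAMPLE_EXTENSIONS_JSON = json.dumps({
    "addons": [
        {"id": "approved-adblock@example.org", "type": "extension",
         "active": True, "signedState": 2, "location": "app-profile",
         "defaultLocale": {"name": "Approved Ad Blocker"}},
        {"id": "html5-encoding@constructed.invalid", "type": "extension",
         "active": True, "signedState": 0, "location": "app-profile",
         "defaultLocale": {"name": "HTML5 Encoding"}},
        {"id": "default-theme@mozilla.org", "type": "theme",
         "active": True, "signedState": 3, "location": "app-builtin",
         "defaultLocale": {"name": "Default Theme"}},
    ]
})

# Hypothetical organisation allowlist of approved extension ids.
ALLOWLIST = {"approved-adblock@example.org"}


def audit_extensions(raw_json, allowlist):
    """Return findings for extensions that are unapproved or not verifiably signed."""
    findings = []
    for addon in json.loads(raw_json).get("addons", []):
        if addon.get("type") != "extension":
            continue  # themes, dictionaries and language packs are out of scope
        reasons = []
        if addon.get("id") not in allowlist:
            reasons.append("not on allowlist")
        # Assumption: signedState >= 2 means a valid Mozilla signature;
        # a missing value is treated as unverified.
        if (addon.get("signedState") or 0) < 2:
            reasons.append("unsigned or signature not verified")
        if reasons:
            findings.append({
                "id": addon.get("id"),
                "name": (addon.get("defaultLocale") or {}).get("name", "<unnamed>"),
                "active": bool(addon.get("active")),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in audit_extensions(SAMPLE_EXTENSIONS_JSON, ALLOWLIST):
        print(f"{f['name']} ({f['id']}): {', '.join(f['reasons'])}")
```

To audit a real machine, pass the text of the extensions.json file from each Firefox profile directory instead of the constructed sample.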
» SPAMfighter News - 6/9/2017