Oops, Trojan malware did it again. This time, it’s targeting popstar Britney Spears’ social media, specifically, her Instagram page. However, the Toxic singer wasn’t the victim of the attack, as her popularity was leveraged to help conduct the scheme (she made our Most Dangerous Celebrities list back in 2014). The Trojan malware, which was created by a well-known hacking group named Turla, actually made its way into the comment section of the princess of pop’s Instagram in the hope of potentially tricking innocent users.
So, how exactly does this ploy work? Leveraging a recently discovered backdoor found in a fake Firefox extension, the cybercriminals instruct the malware to scroll through the comments on Spears’ photos and search for one that had a specific hash value. When the malware finds the comment it was told to look for, it converts it into a malicious Bitly link. This infected comment on Spears’ post doesn’t look exactly normal, but most people would think it’s just spam. That is, unless they click it. If someone does in fact click on the link, they’ll be directed to a site that’s known to be the hacking group’s “watering hole.”
The good news is — experts have said this is simply just a test by the group. However, this ploy reminds us that cybercriminals are getting creative with how they leverage social media to conduct attacks, and how one malicious link can direct users to scams or unsafe areas of the internet.
Therefore, to avoid malicious links and to ensure you use social media safely, follow these tips:
-Be careful what you click. Whether it’s a link in the comments section of Instagram or a site sent from an unknown email, it’s crucial you’re always wary of clicking on unknown links. These links can carry malware, or redirect you to a malicious site. So, if a link doesn’t come from someone you know, it’s best to just err on the side of caution and avoid clicking all together.
-Secure your own social media. Make sure you’re not hit one time with malware by locking down your own personal social media accounts. Spears’ account was leveraged by cybercriminals because her account is public, so always remember to change your social media account settings to private whenever possible. That way, you can control who can friend you and comment on your pictures.
-Use a comprehensive security solution. Whether you’re scrolling through Instagram on your phone or skimming Facebook on your laptop, ensure all of your devices are protected from cyberattacks by using a comprehensive security solution like McAfee LiveSafe.
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.