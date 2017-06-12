

MOSCOW (dpa-AFX) - Pop star Britney Spears' Instagram account was used by Russian hackers to communicate utilizing malware, according to a report released by Slovakian security firm ESET.



In a blog post, ESET said it found encoded messages in the comments section of Spears' account that contained covert malware instructions. On being scanned by a malware-infected computer, it would give directions on where to send stolen information.



According to ESET, a Russian-speaking hacking group Turla that has targeted governments, officials and diplomats for years, posted a comment on one of Spears' Instagram photos that was seemingly gibberish.



The hacker comment, posted in February, was '#2hot make loved to her, uupss HHot X.' Hidden in the comment was a trackable hash containing a string of characters - actually a way to relay to other hackers where to send stolen information in a malware scheme.



The extension uses a bit.ly URL to reach the malware's command-and-control or C&C server, but the URL path is nowhere to be found in the extension code.



The messages by themselves were not clickable and thus did not pose a threat to anyone who happened to read or follow Spears' account, ESET said.



In addition, the pop star would have had no knowledge that some of the comments posted on her official Instagram account were in fact coded messages between computers.



ESET noted that hackers using social media to recover a C&C address will make life harder for defenders, as it is difficult to distinguish malicious traffic to social media from legitimate traffic.



In addition, it will give hackers more flexibility when it comes to changing the C&C address as well as erasing all traces of it.



