Jump to content
Sign up to our newsletters
Independent
US election
More
Best
Climate
TV

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in

Britney Spears Instagram: Hackers plant malware in singer's comments section

The malicious comment appeared to be spam, reading, '#2hot make loved to her, uupss #Hot #X'

Aatif Sulleyman
Friday 09 June 2017 16:37 BST
Comments
Security expert Jean-Ian Boutin uncovered a bit.ly link hidden in the comment
Security expert Jean-Ian Boutin uncovered a bit.ly link hidden in the comment (Getty Images)

Your support helps us to tell the story

Support Now

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Hackers have been found trying to attack users through a cleverly disguised comment on an Instagram picture posted by Britney Spears’ account.

The unusual incident was spotted by security firm ESET, which investigated a comment that most web users would typically dismiss as spam.

The picture, which was posted on 7 January, is still up, but the comment has been deleted.

It was posted under the username ‘asmith2155’, and appeared to read, “#2hot make loved to her, uupss #Hot #X.”

 

Such a great shoot with @david_roemer

A post shared by Britney Spears (@britneyspears) on

However, security expert Jean-Ian Boutin uncovered a bit.ly link hidden in the comment, which was linked to a malicious extension for the Firefox internet browser designed to steal people’s data.

“This comment was posted on February 6, while the original photo was posted in early January,” wrote Mr Boutin in a blog post.

"The extension uses a bit.ly URL to reach its C&C, but the URL path is nowhere to be found in the extension code. In fact, it will obtain this path by using comments posted on a specific Instagram post."

Fortunately, the URL that the hackers were trying to promote wasn't visited by many users.

“There were only 17 hits recorded on this link in February, right around the time the comment was posted,” explained Mr Boutin.

“However, this is quite a low number and might indicate that it was only a test run.”

Instagram has stressed that the platform was not compromised, and it has taken action on the comments, which were not removed by the people responsible.

"We are aware of this activity and have taken action against the responsible accounts," the company said in a statement.

ESET says Turla, a hacker group that’s believed to have links to the Russian government, was behind the attack.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in