SHADY, HOODIE-WEARING RUSSIAN HACKERS HAVE been testing out their malware on pop princess Britney Spears and her Instagram account.
Britney's Instagram, specifically its comments section, has been drawn into the Turla watering hole menace. The security firm ESET has devoted a lot of time to poring over the Instagram account and found out that some Russians were using a sneaky, sneaky way to test some threats and to communicate.
"A watering hole attack compromises websites that are likely to be visited by targets of interest," said ESET as it explained the complicated threat and made us reconsider who we follow on the self-promoting photo account thing.
"While we believe this to be some type of test, the next version of the extension - if there is one - is likely to be very different. There are several APIs that are used by the extension that will disappear in future versions of Firefox. These can only be used by add-ons that will be superseded by WebExtensions starting with Firefox 57. From that version onwards, Firefox will no longer load add-ons, thus preventing the use of these APIs."
The hackers, picture someone in a balaclava, have created a backdoor trojan that they have lined up for future use. It is currently being tested out on Spears and her fans in the background. To be an efficient attack, a Firefox extension must be used, so that could limit its impact, but ESET says that it looks bad and we are inclined to agree with it.
"The fact that the Turla actors are using social media as a way to obtain its C&C servers is quite interesting. Attackers using social media to recover a C&C address are making life harder for defenders," it added.
"Firstly, it is difficult to distinguish malicious traffic to social media from legitimate traffic. Secondly, it gives the attackers more flexibility when it comes to changing the C&C address as well as erasing all traces of it.
"It is also interesting to see that they are recycling an old way of fingerprinting a victim and finding new ways to make the C&C retrieval a bit more difficult."
We should add: Quit looking at pictures of Britney Spears. µ
Welcome to the dystopia Black Mirror warned us about
Microsoft in 'more helpful' shock
A whole new way to be tied to your ISP
Search giant puts Epyc chips at the heart of its datacentre servers