Russian intelligence group used spyware on Instagram

Russian intelligence group used spyware on Instagram
© Getty Images

Hackers associated with the Russian government used Instagram to control malware used in attacks, according to a new report. 

Researchers at Eset found that Turla, a well-known group believed to be affiliated with Russian intelligence, designed a malicious extension for the FireFox web browser to allow malware on a victim's computer to communicate with the hackers over the photo-sharing social network. 

The extension would scour the comments of a designated photograph for specially crafted messages that contained a web address used to communicate with the home base. 

In the sample analyzed by Eset, the photo belonged to Britney Spears's account.


The extension would look for a comment that met certain mathematical parameters. It would decode that comment by looking for text formatting markers in the comment that indicate which letters are important. 

For example, on the Spears photo, the encoded comment was "#2hot make loveid to her, uupss #Hot #X." Hidden in the comment were invisible formatting characters marking letters and numbers that would direct the malware to a web address for a server that acted as an intermediary between the hackers and the victim. 

The encoded web addresses use the URL shortener, which makes public data about how many people follow a link. Eset notes in its report that only 17 people followed the link on the Spears photo. That could mean this was only a test run of the extension or that other versions used different encoded pictures and addresses.  

It is not uncommon for hackers to use social media to help direct malware, though this is the first known use of Instagram to do so.