USA TODAY- Pop star Britney Spears’ Instagram account was used by Russian hackers as a secret bulletin board to place coded messages that were part of a malware scheme, a security company reported. Slovakian antivirus company ESET said in a blog post that it had found encoded messages in the comments section of Spears’ account that, when scanned by a malware-infected computer, would give directions on where to send stolen information. One innocuous comment posted in February looked like a yet another semi-incomprehensible fan posting: “#2hot make loved to her, uupss HHot #X”
However, to those knowing what to look for, it could be translated into a website address that allowed malware to communicate with the computers controlling it. The purpose of the subterfuge was to ensure there was no easily followed trail between the hackers’ computers and the computers their malware had infiltrated. Spears would have had no knowledge that some of the comments posted in her official Instagram account were in fact coded messages between hacked computers, ESET senior malware researcher Jean-Ian Boutin said. There was also no danger to anyone reading or following the account, Boutin said, and no possibility that their devices could have been contaminated or infected by viewing or clicking on it. “There is no active or clickable content in this case, no harm can be done to the account’s followers,” said Boutin.
The message is akin to a spy leaving a window shade up or down to communicate with the agent’s handlers. In that pre-digital scenario, the spy would simply walk down the street and glance up to the window to know whether he or she should go to a pre-arranged drop site to find a message left there.