Oops!… They’re At It Again

© https://www.instagram.com/p/BO8gU41A45g/

One of the tricky things about running an effective malware organization is hiding your servers on the internet so that the good guys can’t find them and shut them down, while allowing the malware and coders to find them and do their respective jobs.

Turla, an “advanced persistent threat” hacking group based in Russia, has found a way around this by hiding encrypted information about their servers in the comments on Britney Spears’s Instagram account.

According to an analysis by ESET, an experienced security research group, “The extension uses a bit.ly URL to reach its C&C (Command and Control Servers), but the URL path is nowhere to be found in the extension code. In fact, it will obtain this path by using comments posted on a specific Instagram post. The one that was used in the analyzed sample was a comment about a photo posted to the Britney Spears official Instagram account.”