Hackers have been found trying to attack users through a cleverly disguised comment on an picture posted by ’ account.
The unusual incident was spotted by security firm , which investigated a comment that most web users would typically dismiss as spam.
The picture, which was posted on 7 January, is still up, but the comment has been deleted.
It was posted under the username ‘asmith2155’, and appeared to read, “#2hot make loved to her, uupss #Hot #X.”
However, security expert Jean-Ian Boutin uncovered a bit.ly link hidden in the comment, which was linked to a malicious extension for the Firefox internet browser designed to steal people’s data.
“This comment was posted on February 6, while the original photo was posted in early January,” wrote Mr Boutin in a .
“The extension uses a bit.ly URL to reach its C&C, but the URL path is nowhere to be found in the extension code. In fact, it will obtain this path by using comments posted on a specific Instagram post.”
Fortunately, the URL that the hackers were trying to promote wasn’t visited by many users.
Gadgets and tech news in pictures Gadgets and tech news in pictures
“There were only 17 hits recorded on this link in February, right around the time the comment was posted,” explained Mr Boutin.
“However, this is quite a low number and might indicate that it was only a test run.”
ESET says Turla, a hacker group that’s believed to have links to the Russian government, was behind the attack.