Sometimes hackers create fun projects, like a DIY technological hack, but not all computer wizards use their powers for good. As we’ve seen in recent months, hackers are still striking everything from email servers to social media. Now there are reports claiming that Russian hackers are using Britney Spears’ Instagram account to communicate via coded messages.

View this post on Instagram

Masquerade indeed 😜🤓🤷‍♀️🙊🎭#tbt

A post shared by Britney Spears (@britneyspears) on

It’s not unusual for celeb accounts to get some weird comments — everything from “will you marry me” to ads for personal products. We’ve come to expect them when scrolling through famous people’s photos. But a new report from a cyber security company says one comment from a post on Spears’ Instagram account back in January was actually a hidden web address that created a malware attack through a loop.

According to the report, the comment in question was posted by what appears to be a bot IG account and simply said, “#2hot make loved to her, uupss #Hot #X.” Security firm ESET says the message contained a hidden web address, which would connect infected computers to the malware’s control server. It’s a very roundabout process, and may not affect a lot of people — an ESET researcher told USA Today that there’s no danger to Spears’ followers — but the fact that it’s being used on Instagram at all is pretty creepy.

The Russian connection here is that the group who supposedly created this malware loop is believed to have ties to the country’s already-established hacker network. ESET believes that the comment on Spears’ account was a test for their system.

Experts say that if you’re worried, update all your software and don’t download any suspicious-looking add-ons.

Have you ever been hacked? Tell us @BritandCo.

(h/t Refinery29; photo via Kevin Winter/Getty)