Spotify Free hits sour note with infected ads

Posted on by ESET Ireland

spotify76701543-623x410

Some users of the ad-supported music streaming service Spotify Free got more hits than they bargained for, according to numerous reports.

It all started on Tuesday (4th), when one of its users reported an issue to their forum. It read:

There’s something pretty alarming going on right now with Spotify Free. This started several hours ago. If you have Spotify Free open, it will launch – and keep on launching – the default Internet browser on the computer to different kinds of malware / virus sites. Some of them do not even require user action to be able to cause harm.

I have 3 different systems (computers) which are all clean and they are all doing this, all via Spotify – I am thinking it’s the Ads in Spotify Free.

Within a matter of hours, Twitter users were echoing these sentiments and indicating that browsers on Windows 10, MacOS and Ubuntu were launching and spawning the suspect ads.

AppleInsider reported that the questionable sites were distributing potentially infectious Javascript and Flash executables.

Subsequently, Engadget and TrustedReviews made inquiries to Spotify, which issued the following statement:

A small number of users have experienced a problem with questionable website pop-ups in their default browsers as a result of an isolated issue with an ad on our free tier. We have now identified the source of the problem and have shut it down. We will continue to monitor the situation.

Spotify was hit with a similar incident in 2011, when an ad that appeared directly in their Windows desktop software installed a bogus antivirus program.

At the time, Spotify noted that users running antivirus software were protected.

Spotify’s response indicated that one ad was responsible for spawning and re-spawning multiple malicious ads.

In 2014, Spotify experienced a data breach. While it was a highly isolated incident – only one user’s data was accessed – the music giant nevertheless took the incident seriously.

It stated at the time: “We take these matters very seriously and as a general precaution will be asking certain Spotify users to re-enter their username and password to log in over the coming days.

“As an extra safety step, we are going to guide Android app users to upgrade over the next few days.”

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s