Security News Spotify Free is Serving Up Malware

Jack

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Numerous users are flooding music streaming service Spotify’s Twitter feed, reporting that the freemium tier service has been hit with a malvertising attack.

Those running Spotify Free on the desktop are periodically seeing strange browser behavior, with malicious ads serve malware popping up unbidden.

As a post on the Spotify user forum explains:

“If you have Spotify Free open, it will launch—and keep on launching—the default internet browser on the computer to different kinds of malware/virus sites. Some of them do not even require user action to be able to cause harm.

I have 3 different systems (computers) which are all clean and they are all doing this, all via Spotify—I am thinking it's the Ads in Spotify Free. I hope this has been noticed and Spotify staff are fixing it—fast. But it's still puzzling something like this can actually happen.”

The Twitterati were quick to complain:

“Had a malware on my ubuntu desktop that kept opening random ads on my browser every minute. Luckily @Spotify client was easy to uninstall,” said @SamuNuutamo.

Users on Windows 10, Ubuntu and MacOS have all reported the issue.

@tarukalvi tweeted the customer service handle: “@SpotifyCares Yesterday the Spotify Free software started launching malware on my Mac's Safari on its own. Many have the same experience atm.”

For its part, Spotify responded in the user forum, saying that it has placed the issue under investigation.

Read more: http://www.infosecurity-magazine.com/news/spotify-free-is-serving-up-malware/
 
  • Like
Reactions: Solarquest, LASER_oneXM, DardiM and 18 others
CMLew

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
Voted NO.

I'm Spotify Premium user but I don't use the desktop based. Instead I go for the Spotify Webplayer in Sandboxed Browser.

On a side note, seems Spotify also able to detect the presence of ad-blocker apps. And hence advise us to disable it in order to enjoy full experience :cool:
 
  • Like
Reactions: Solarquest, LASER_oneXM, DardiM and 3 others
S

Sseneb

Level 1
Sep 16, 2016
5
Weird, I used it not so long ago and never experienced this behaviour. As @CMLew said, if Spotify is able to detect the presence of ad-blocker apps then maybe Ublock Origin is the reason I'm not experiencing it ! Anyways cool share, I will pay more attention when using Spotify Free.
 
  • Like
Reactions: Solarquest, LASER_oneXM, DardiM and 2 others
_CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
What is Spotify ?
Never mind I see it a streaming service for music :p
Another one I am glad I don't frequent.
The first sign of a site asking me to disable any part of my config and i
head the other way ;)
 
  • Like
Reactions: Solarquest, DardiM, askmark and 4 others
Cohen

Cohen

Level 7
Verified
Well-known
May 22, 2016
328
I used to have Spotify Family until I found out about Google Play Music and the features it provides its users such as uploading music from your device to your Google Play Music account and syncing to all of your devices. After hearing this, I'm even happier I changed from Spotify. :D
 
  • Like
Reactions: LASER_oneXM, DardiM, askmark and 3 others
Nikos751

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
970
Thanks for reporting this here in MT. I wonder how the browser opens without interaction (if this is the case) in every OS and visits malicious links. Is it an exploit? It's rare for an exploit to be cross plarform.
 
  • Like
Reactions: DardiM, frogboy and kev216
cruelsister

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
The real problem here is NOT with Spotify but instead with the third party Ad network that they utilize- by that I mean that ANY other website that employs this Ad Network will carry a similar risk. This is not Script Kiddie stuff, but instead is being initiated by criminal gangs that are counting on the laziness and/or competence of the folks employed at the ad networks. And they are not disappointed.

Also the malware that is being served up tends to the nasty. I've noticed an increase in Botnets being distributed and these (especially if they work by hollowing svchost) are difficult to detect.
 
  • Like
Reactions: Solarquest, Balrog, DardiM and 1 other person
LASER_oneXM

LASER_oneXM

Level 37
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
I'm using "SPOTIFY Premium" and i have a desktop application on all my PCs/laptops....
 
  • Like
Reactions: DardiM
askmark

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
cruelsister said:
Also the malware that is being served up tends to the nasty. I've noticed an increase in Botnets being distributed and these (especially if they work by hollowing svchost) are difficult to detect.
Click to expand...

What security would you recommend to protect against these kinds of attacks. Is browser sandboxing enough?
 
  • Like
Reactions: DardiM and frogboy
I

Ink

Administrator
Verified
Jan 8, 2011
22,490
Spotify is one of the best free music streaming services. I have it installed on desktop but I mostly use the Android version or Google Play Music - both of which are Free and can alternatively be streamed from their Web-based site.
 
  • Like
Reactions: DardiM
S

soccer97

Level 11
Verified
May 22, 2014
517
I am guessing it is probably unwise to use Spotify Premium on Android for a week or so to be safe?
 
Nikos751

Nikos751

Level 20
Verified
Malware Tester
Feb 1, 2013
970
soccer97 said:
I am guessing it is probably unwise to use Spotify Premium on Android for a week or so to be safe?
Click to expand...
Spotify Premium is ad free. Also, Android is a much more robust platform compared to Windows and it's very rare to get malware without user interaction just by opening a trusted app or a random webpage.
 
S

soccer97

Level 11
Verified
May 22, 2014
517
Nikos751 said:
Spotify Premium is ad free. Also, Android is a much more robust platform compared to Windows and it's very rare to get malware without user interaction just by opening a trusted app or a random webpage.
Click to expand...


Thank you. You do have a good point. JS and Flash exploits tend to be happening more frequently now in tandem with each other.
 
  • Like
Reactions: Nikos751
Malware Man

Malware Man

Level 9
Verified
Well-known
Feb 2, 2013
440
I am a Spotify Premium user so I haven't ran into this issue. I used to use the free version for months and months and when I started working I decided to purchase a year of Premium all at once. Whenever my subscription expires next year I will be looking to other services to see what else is out there. I've heard great things about Apple Music and Google Play Music. I'm leaning more towards Apple Music since I have an iPhone and iPad and it just will integrate more.
 
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Hundred Points
Malware News Malware September 2024: Formbook on Windows devices
Replies
0
Views
795
Security News
Gandalf_The_Grey
Gandalf_The_Grey
JoeN
    • Like
New Update AdBlocker Ultimate MV3 Chrome extension
Replies
12
Views
802
Web Extensions
JoeN
JoeN
Gandalf_The_Grey
    • +Reputation
Security News DDoS site Dstat.cc seized and two suspects arrested in Germany
Replies
0
Views
511
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top