Spotify targeted by malicious ads

The free version of Spotify is targeted by malicious ads, as hackers look to place malware on users' systems.

Spotify

Malicous adverts have appeared on the free version of Spotify, as hackers attempted to attack Windows users with the Blackhole exploit kit.

Users did not even have to click through on the ads to be affected, according to Websense, which said the first report it received of a malicious advert appearing on Spotify was from 24 March.

Once users' systems had connected to an outside IP address, the exploit kit would attempt to exploit a range of vulnerabilities, including a flaw affecting Adobe Reader and Acrobat.

The end objective from the hackers point of view was to get the Windows Recovery fake AV application on to user systems.

Once the malware was successfully installed, additional software could be installed to further compromise victims' systems.

A fifth of users who had seen the so-called "malverts" were from the UK, with 59 per cent based in Sweden, according to Avast.

No data on how many users had malware downloaded onto their computers was was available at the time of publication, although a number raised concerns with Spotify over Twitter.

Spotify relies on advertising revenue to keep its free service running, so the attacks represent a serious issue for the music streaming service.

Websense said malvertising was not a new concept, but this case was different.

"In the past the malicious ads have been displayed as part of a website and viewed with the browser. In this case the malicious ad is actually displayed inside of the Spotify application," the security firm said in a blog.

"If you had Spotify open but running in the background, listening to your favorite tunes, you could still get infected."

At the time of publication, Spotify had not responded to a request for a statement on the malicious ads, but has indicated its course of action over Twitter.

"We've turned off all 3rd party display ads that could have caused it until we find the exact one," one company post read.

Another said: "We're still investigating but we take this very seriously and will take every step possible to ensure it doesn't occur again."

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
London ranks second to Silicon Valley as world's best startup hub
startups

London ranks second to Silicon Valley as world's best startup hub

22 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021