IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Spotify targeted by malicious ads

The free version of Spotify is targeted by malicious ads, as hackers look to place malware on users' systems.

Spotify

Malicous adverts have appeared on the free version of Spotify, as hackers attempted to attack Windows users with the Blackhole exploit kit.

Users did not even have to click through on the ads to be affected, according to Websense, which said the first report it received of a malicious advert appearing on Spotify was from 24 March.

Once users' systems had connected to an outside IP address, the exploit kit would attempt to exploit a range of vulnerabilities, including a flaw affecting Adobe Reader and Acrobat.

The end objective from the hackers point of view was to get the Windows Recovery fake AV application on to user systems.

Once the malware was successfully installed, additional software could be installed to further compromise victims' systems.

A fifth of users who had seen the so-called "malverts" were from the UK, with 59 per cent based in Sweden, according to Avast.

No data on how many users had malware downloaded onto their computers was was available at the time of publication, although a number raised concerns with Spotify over Twitter.

Spotify relies on advertising revenue to keep its free service running, so the attacks represent a serious issue for the music streaming service.

Websense said malvertising was not a new concept, but this case was different.

"In the past the malicious ads have been displayed as part of a website and viewed with the browser. In this case the malicious ad is actually displayed inside of the Spotify application," the security firm said in a blog.

"If you had Spotify open but running in the background, listening to your favorite tunes, you could still get infected."

At the time of publication, Spotify had not responded to a request for a statement on the malicious ads, but has indicated its course of action over Twitter.

"We've turned off all 3rd party display ads that could have caused it until we find the exact one," one company post read.

Another said: "We're still investigating but we take this very seriously and will take every step possible to ensure it doesn't occur again."

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Google Play to trial alternative billing system in 'app store first'
billing

Google Play to trial alternative billing system in 'app store first'

24 Mar 2022
Spotify to expand into audiobooks with Findaway acquisition
mergers and acquisitions

Spotify to expand into audiobooks with Findaway acquisition

12 Nov 2021

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
Electrical explosion reported at Google's Iowa data centre
data centres

Electrical explosion reported at Google's Iowa data centre

9 Aug 2022