
Spotify targeted by malicious ads

The free version of Spotify is targeted by malicious ads, as hackers look to place malware on users' systems.

Malicious adverts have appeared on the free version of Spotify, as hackers attempted to attack Windows users with the Blackhole exploit kit.

Users did not even have to click through on the ads to be affected, according to Websense, which said the first report it received of a malicious advert appearing on Spotify was from 24 March.

Once users' systems had connected to an outside IP address, the exploit kit would attempt to exploit a range of vulnerabilities, including a flaw affecting Adobe Reader and Acrobat.

The end objective from the hackers' point of view was to get the Windows Recovery fake AV application onto users' systems.

Once the malware was successfully installed, additional software could be installed to further compromise victims' systems.

A fifth of users who had seen the so-called "malverts" were from the UK, with 59 per cent based in Sweden, according to Avast.

No data on how many users had malware downloaded onto their computers was available at the time of publication, although a number raised concerns with Spotify over Twitter.

Spotify relies on advertising revenue to keep its free service running, so the attacks represent a serious issue for the music streaming service.

Websense said malvertising was not a new concept, but this case was different.

"In the past the malicious ads have been displayed as part of a website and viewed with the browser. In this case the malicious ad is actually displayed inside of the Spotify application," the security firm said in a blog.

"If you had Spotify open but running in the background, listening to your favorite tunes, you could still get infected."

At the time of publication, Spotify had not responded to a request for a statement on the malicious ads, but has indicated its course of action over Twitter.

"We've turned off all 3rd party display ads that could have caused it until we find the exact one," one company post read.

Another said: "We're still investigating but we take this very seriously and will take every step possible to ensure it doesn't occur again."
