Spotify: Malware Pop-ups Affected ‘Small Numbers’

Spotify said it has fixed a problem that saw a number its subscription-free users hit with virus-laden pop-up websites.

The problem seems to have occurred on Windows, Mac and Linux machine, but the music streaming platform claimedonly a small number of users had been affected.

Pop-up Websites

The problem came to light in a community post by a user called Tonyonly. He warned of an “alarming” issue with the Spotify Free service, which “will launch – and keep on launching – the default internet browser on the computer to different kinds of malware / virus site.”

“I have 3 different systems (computers) which are all clean and they are all doing this, all via Spotify – I am thinking it’s the Ads in Spotify Free,” he wrote. “I hope this has been noticed and Spotify staff are fixing it – fast. But it’s still puzzling something like this can actually happen.”

Spotify responded and said that the problem had been fixed.

“We’ve identified an issue where a small number of users were experiencing a problem with questionable website pop-ups in their default browsers as a result of an isolated issue with an ad on our Free tier,” said Spotify.

“We have now identified the source of the problem and have shut it down,” it added. “We will continue to monitor the situation.”

Malvertising attacks target ad distribution networks, infecting them with malicious creatives that then attempt to install malware of vulnerable systems using a variety of exploit kits. Such attacks have targeted adult websites as well as bigger names like Yahoo. This has led many to question the safety of Flash and caused some to adopt ad blockers.

Previous Scares

This is not the first security scare with Spotify. Earlier this year it denied it was hacked after the personal details of hundreds of its users were posted online. The usernames, passwords and email addresses of members were discovered on Pastebin by security researchers.

In February the details of hundreds of Spotify Premium accounts were also apparently leaked. In 2011 Spotify inadvertently distributed malware-infected content via its advertising network.

Spotify has undergone great growth but earlier this year it revealed it had moved its back-end infrastructure onto the Google Cloud Platform.

It had previously hosted its service in its own data centre facilities, but admitted it was struggling to scale its back-end infrastructure.

How much do you know about the world’s most notorious hackers? Try our quiz!