Spotify: Malware Pop-ups Affected ‘Small Numbers’

Spotify said it has fixed a problem that saw a number its subscription-free users hit with virus-laden pop-up websites.

The problem seems to have occurred on Windows, Mac and Linux machine, but the music streaming platform claimedonly a small number of users had been affected.

Pop-up Websites

The problem came to light in a community post by a user called Tonyonly. He warned of an “alarming” issue with the Spotify Free service, which “will launch – and keep on launching – the default internet browser on the computer to different kinds of malware / virus site.”

“I have 3 different systems (computers) which are all clean and they are all doing this, all via Spotify – I am thinking it’s the Ads in Spotify Free,” he wrote. “I hope this has been noticed and Spotify staff are fixing it – fast. But it’s still puzzling something like this can actually happen.”

Spotify responded and said that the problem had been fixed.

“We’ve identified an issue where a small number of users were experiencing a problem with questionable website pop-ups in their default browsers as a result of an isolated issue with an ad on our Free tier,” said Spotify.

“We have now identified the source of the problem and have shut it down,” it added. “We will continue to monitor the situation.”

Malvertising attacks target ad distribution networks, infecting them with malicious creatives that then attempt to install malware of vulnerable systems using a variety of exploit kits. Such attacks have targeted adult websites as well as bigger names like Yahoo. This has led many to question the safety of Flash and caused some to adopt ad blockers.

Previous Scares

This is not the first security scare with Spotify. Earlier this year it denied it was hacked after the personal details of hundreds of its users were posted online. The usernames, passwords and email addresses of members were discovered on Pastebin by security researchers.

In February the details of hundreds of Spotify Premium accounts were also apparently leaked. In 2011 Spotify inadvertently distributed malware-infected content via its advertising network.

Spotify has undergone great growth but earlier this year it revealed it had moved its back-end infrastructure onto the Google Cloud Platform.

It had previously hosted its service in its own data centre facilities, but admitted it was struggling to scale its back-end infrastructure.

How much do you know about the world’s most notorious hackers? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago