Is this the real life? Is this just fantasy? Spotify serving malware, no escape from reality

Open your eyes, look up to the skies and see

Spotify has apologized to its subscribers after it served up malicious adverts that attempted to infect listeners' computers.

The problem occurred with Spotify Free, which lets people to stream music gratis in exchange for being played and shown adverts. One advertiser sneakily embedded nasty software code into its Spotify ads that hijacked browsers on macOS and Linux systems.

We're told the ads caused the computers' default browsers to open up dodgy websites that then attempted to install malware or steal victims' passwords.

"OS X and Linux users claim to have been hit with redirects to phishing and tech support scams," said Pieter Arntz, a malware intelligence researcher at Malwarebytes Labs.

"While this is certainly nothing compared to the impact malvertising can have on a Windows system, it can nevertheless have a big impact if users don't keep their wits about them."

Twitter quickly lit up with complaints from outraged pop fans and folks on Spotify's support forums reported multiple infections.

"There's something pretty alarming going on right now with Spotify Free," said one listener earlier this week.

"This started a several hours ago. If you have Spotify Free open, it will launch – and keep on launching – the default internet browser on the computer to different kinds of malware and virus sites. Some of them do not even require user action to be able to cause harm."

Spotify reckons it has now rinsed out the bad ads.

"We've identified an issue where a small number of users were experiencing a problem with questionable website pop-ups in their default browsers as a result of an isolated issue with an ad on our Free tier," the biz said.

"We have now identified the source of the problem and have shut it down. We will continue to monitor the situation."

You'd think they would, since this isn't the first time Spotify advertising has delivered malware to its customers' computers. Five years ago it had the same problem with its Free service, and promised to make sure it didn't happen again then, too. ®

Biting the hand that feeds IT © 1998–2020