Spotify users have been targeted by a malvertising campaign, the malicious advertising served to the victims could automatically open a web browser and redirect victims websites hosting malware.
Spotify is a popular online music service that allows its users to listen to music on multiple devices.
Users could pay for the service or don’t pay accepting to receive ads that they can interact with.
Recently a number of users of the Free version of the Spotify service have noticed that the ads served by the platform were launching a Web browser to open a website without their interaction.
“There’s something pretty alarming going on right now with Spotify Free. This started a several hours ago. If you have Spotify Free open, it will launch – and keep on launching – the default internet browser on the computer to different kinds of malware / virus sites. Some of them do not even require user action to be able to cause harm.” reported a Spotify posted.
According to the company, other users of the community faced the same problem:
“We’ve identified an issue where a small number of users were experiencing a problem with questionable website pop-ups in their default browsers as a result of an isolated issue with an ad on our Free tier. We have now identified the source of the problem and have shut it down. We will continue to monitor the situation. If you see this issue again, please let us know the exact date and time in this thread.” reported Spotify.
Malvertising campaigns are very dangerous, attackers can launch such kind of attacks to hijack users’ traffic or to deliver malware to the visitors of a website.
“Some of the usual ads are external like those for Rebook shoes. For those, you have to click on them and you are redirected to the ad coming up in your default browser,” Oscar Anduiza, malware analyst at Avira, wrote in a blog post. “But this time we had some aggressive ads that were spam and scams which automatically opened up in the browser without any user consent.”
It is important to note that in many cases users doesn’t have to interact with the malicious ad, because a malicious code injected in the targeted websites makes the dirty job.
Oscar Anduiza explained that Spotify opted to cut malicious ads in order to mitigate the attacks.
“Looks like Spotify has responded by simply cutting out the suspect ads. “Some of the advertisements that should appear within the app on the black bar are now closed,” explained Anduiza. “I would say that they cut them directly.”
The best protection against malvertising campaign is used security solutions to mitigate the threat and to keep the OS and applications updated.
(Security Affairs – Spotify , malvertising)