Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

Spotify Falls Victim to Malvertising Attack

People using the Spotify Free online music service have been served malicious advertisements that could automatically open a web browser and redirect them to malware-laden sites.

People using the Spotify Free online music service have been served malicious advertisements that could automatically open a web browser and redirect them to malware-laden sites.

Spotify is a so-called freemium online music service that people can use to listen to music on multiple devices, including computers, mobile phones, tablets, and even TVs. Those willing to pay for the service enjoy the music at their own pace, but those who don’t pay are served ads that they can interact with.

Normally, a user would need to click on an ad to have it launching a web page in the browser, but some Spotify Free users recently noticed that the ads they were seeing were behaving differently. Specifically, the ads were launching a Web browser to open a website without user interaction.

“This started a several hours ago. If you have Spotify Free open, it will launch – and keep on launching – the default internet browser on the computer to different kinds of malware / virus sites. Some of them do not even require user action to be able to cause harm,” one user posted on the Spotify Community forum.

Other users reported similar behavior, and Spotify has already confirmed that the issue affected some of its users. They were “experiencing a problem with questionable website pop-ups in their default browsers as a result of an isolated issue with an ad on our Free tier. We have now identified the source of the problem and have shut it down. We will continue to monitor the situation,” Spotify said.

The incident is a perfect example of how malvertising campaigns can hit users through more than just websites. As long as a connected application can serve ads and cybercriminals are able to trick networks into accepting their nefarious ads, malvertising will happen. Attackers hide malicious code inside seemingly legitimate adverts, and users with vulnerable devices pay the price.

Malicious ads can be used not only to aggressively redirect users to websites they don’t want to visit, but also to download malware on their devices in what researchers call drive-by attacks. The user doesn’t even have to interact with the malicious ad, because the script hidden inside it does everything automatically.

Oscar Anduiza, malware analyst at Avira, also noted that the dead giveaway in this incident was the abnormal behavior of the displayed ads. “But this time we had some aggressive ads that were spam and scams which automatically opened up in the browser without any user consent,” Anduiza said.

He also notes that Spotify was right to act on the issue so fast, and that the service appears to have cut the suspect ads directly. “Some of the advertisements that should appear within the app on the black bar are now closed. I would say that they cut them directly,” Anduiza also said.

As always in situations where malvertising is involved, users can stay protected by keeping their applications and operating system updated at all times. They should also consider installing and maintaining an anti-malware solution for increased protection.

Related: Massive Malvertising Campaigns Hit Sites Worldwide

Related: Malvertising Campaign Hits Top Global Websites

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.


Security researchers with Juniper Networks’ Threat Labs warn of a new Python-based backdoor targeting VMware ESXi virtualization servers.