Connect with us

Hi, what are you looking for?


Malware & Threats

Spotify Falls Victim to Malvertising Attack

People using the Spotify Free online music service have been served malicious advertisements that could automatically open a web browser and redirect them to malware-laden sites.

People using the Spotify Free online music service have been served malicious advertisements that could automatically open a web browser and redirect them to malware-laden sites.

Spotify is a so-called freemium online music service that people can use to listen to music on multiple devices, including computers, mobile phones, tablets, and even TVs. Those willing to pay for the service enjoy the music at their own pace, but those who don’t pay are served ads that they can interact with.

Normally, a user would need to click on an ad to have it launching a web page in the browser, but some Spotify Free users recently noticed that the ads they were seeing were behaving differently. Specifically, the ads were launching a Web browser to open a website without user interaction.

“This started a several hours ago. If you have Spotify Free open, it will launch – and keep on launching – the default internet browser on the computer to different kinds of malware / virus sites. Some of them do not even require user action to be able to cause harm,” one user posted on the Spotify Community forum.

Other users reported similar behavior, and Spotify has already confirmed that the issue affected some of its users. They were “experiencing a problem with questionable website pop-ups in their default browsers as a result of an isolated issue with an ad on our Free tier. We have now identified the source of the problem and have shut it down. We will continue to monitor the situation,” Spotify said.

The incident is a perfect example of how malvertising campaigns can hit users through more than just websites. As long as a connected application can serve ads and cybercriminals are able to trick networks into accepting their nefarious ads, malvertising will happen. Attackers hide malicious code inside seemingly legitimate adverts, and users with vulnerable devices pay the price.

Malicious ads can be used not only to aggressively redirect users to websites they don’t want to visit, but also to download malware on their devices in what researchers call drive-by attacks. The user doesn’t even have to interact with the malicious ad, because the script hidden inside it does everything automatically.

Oscar Anduiza, malware analyst at Avira, also noted that the dead giveaway in this incident was the abnormal behavior of the displayed ads. “But this time we had some aggressive ads that were spam and scams which automatically opened up in the browser without any user consent,” Anduiza said.

Advertisement. Scroll to continue reading.

He also notes that Spotify was right to act on the issue so fast, and that the service appears to have cut the suspect ads directly. “Some of the advertisements that should appear within the app on the black bar are now closed. I would say that they cut them directly,” Anduiza also said.

As always in situations where malvertising is involved, users can stay protected by keeping their applications and operating system updated at all times. They should also consider installing and maintaining an anti-malware solution for increased protection.

Related: Massive Malvertising Campaigns Hit Sites Worldwide

Related: Malvertising Campaign Hits Top Global Websites

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...