Industry News

Spotify app used to serve rogue ads

The freemium version of the music streaming service has been serving malicious ads to some of its clients, according to news reports.

In-app ads leading to malware-infected websites popped-up in clients’ default web browsers, several Spotify users wrote on the Spotify Community website and Twitter.

“There’s something pretty alarming going on right now with Spotify Free”, one user wrote. “This started a several hours ago. If you have Spotify Free open, it will launch – and keep on launching – the default internet browser on the computer to different kinds of malware/virus sites.”

The free version of the app supports adverts that play in between songs, an annoying functionality to some users who have designed special ad blockers to mute them.

This issue affected users of Linux, Mac and Windows systems.

Source: Twitter
Source: Twitter

The company acknowledged the problem and said to have removed the advert that caused the problem.

“A small number of users have experienced a problem with questionable website pop ups in their default browsers as a result of an isolated issue with an ad on our free tier”, Spotify wrote. “We have now identified the source of the problem and have shut it down. We will continue to monitor the situation.”

Malvertising continues to be a serious problem. For instance, 19.55 percent of global Android threats identified by Bitdefender in 2016 are fake mobile apps that install malware or aggressive adware.

Why are rogue ads a security risk?

Adware make its way on machines when users surf the web or gets bundled with freeware downloaded from the Internet. It poisons web search results with unwanted pop-up ads after covertly tracking users’ online behavior. It also redirects users to unwanted pages they are not really interested in. Its purpose is to make money with every click. But adware can also be really invasive, can drain users’ computer resources or expose them to security risks like keyloggers and even man-in-the-middle traffic interception attacks.

How to control pop-up ads

Whether they pose security risks or performance headaches, some types of adware are more than a nuisance. Here are five key tips to stay adware-free:

  • Be selective about the programs you download to your computer. Make sure you really need a program before downloading it since some programs can carry spyware and other unwanted programs.
  • Read licensing agreements. They should tell you everything about how your data is collected, stored and shared with third parties.
  • Watch out for anti-spyware scams. Some tools pretend to help you get rid of unwanted applications, but they actually do the opposite.
  • Beware of clickable advertisements. Use an ad-blocker to avoid malicious or simply annoying ads.
  • Keep your software updated, some software updates include improvements that help control pop-ups.

About the author

Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers' mouse scrolls. Alexandra is also a social media enthusiast who 'likes' only what she likes and LOLs only when she laughs out loud.

1 Comment

Click here to post a comment
  • As per cyber-security experts like other attacks, malvertising is also on the rise these days. As the scale of popular advertising networks can be misused to push malicious content to a wide number of users.

    No one expects to get infected with malware when they visit trusted sites. Yet attackers are targeting user’s implicit trust of these sites to infect them via the third-party ad content quietly displaying on these pages.

    I agree about controlling pop-up ads, whether it looks trustworthy or not. As, malvertising is a tough problem to solve.