Music Lovers “Spotted” Downloading Malware Via Spotify

Users taking advantage of the free version of the Spotify music service have recently been the targets of those wishing to do harm using malicious advertising. Some users have complained that even when performing no action at all, ads on the site were launching their default web browsers. It is not known at this time what actions the ads do once the new popup is open, but that may just be because no one has figured it out yet.

Malicious ads can do a lot of damage. They can launch attacks such as hijack users’ traffic, install key loggers, or simply inject malware on to the computer; and no one has to click or open anything for these things to happen. That is why making sure your devices are updated with the latest operating system versions and patches is so important. If these attacks are taking advantage of a known issue, having the patches applied will prevent them from hitting you.

In addition, install anti-malware products on all devices that connect to the Internet. This includes all mobile devices. Mobile malware infections are on the rise and because of the increase in use of these to do financial transactions and access accounts that store sensitive information, they are not expected to decline any time soon.

Spotify has taken action and is blocking the suspect ads. If you use the free service and notice a black bar on the web page, that is possibly one such ad. However, because of the ease of getting malware into those ads, Spotify likely has not found them all. So update your computers and devices and make sure your anti-malware products are all updated and running.

This is not the first time Spotify has been in the cyber security news. In 2014, it was the victim of a data breach that the company believed was a "proof of concept" attack intended as a test for a larger attempt. Earlier this year, the company blamed password reuse for strange activity some users were complaining about with their accounts and forced Android users to change passwords. It also isn't the only music service under attack. Pandora also experienced a security incident, as did spin.com and more recently, Last.fm found data of its customers from 2012 for sale on the Dark Web.

© Copyright 2016 Stickley on Security