
MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,537
30,845



A few reports coming in over the past day describe occurrences where Spotify's free streaming service on desktop computers is pushing malware-filled advertisements to users without their input.

According to a user posting on Spotify Community, the malware causes ads to launch "and keep on launching" the computer's default browser to different sites lined with viruses (via The Next Web). Multiple macOS and Safari users have confirmed the issue to be happening on Apple systems.
There's something pretty alarming going on right now with Spotify Free. This started several hours ago. If you have Spotify Free open, it will launch - and keep on launching - the default internet browser on the computer to different kinds of malware / virus sites. Some of them do not even require user action to be able to cause harm.

I have 3 different systems (computers) which are all clean and they are all doing this, all via Spotify - I am thinking it's the Ads in Spotify Free. I hope this has been noticed and Spotify staff are fixing it - fast. But it's still puzzling something like this can actually happen.
It's not clear yet what's causing the issue, but multiple confirmations of its connection with Spotify Free have surfaced on Twitter, with users reporting that malware ads have appeared on both Mac and Windows platforms. Spotify has responded to a few users on Twitter and appears to be looking into the issue, but has yet to make an official announcement.

One Mac user was running OS X El Capitan 10.11.6 on a mid-2014 MacBook Pro when the ads in Safari began popping up.
PSA: uninstall Spotify free, their ads are plagued with malware right now. pic.twitter.com/DUOqDrnDUZ - Volp (@VolpRS) October 5, 2016
Since no official fix for the problem has come from the company, many users are resorting to simply uninstalling the free Spotify player from their desktop for the time being. The streaming service faced a similar issue five years ago, where advertisements popped up on Windows machines and installed fake antivirus software onto the computer.

Spotify eventually commented on the problem, saying "we sincerely apologize to any users affected. We'll continue working hard to ensure this does not happen again and that our users enjoy Spotify securely and in confidence."

Article Link: Spotify Free Desktop Users Facing Malware-Filled Ads on Mac and Windows
 

maflynn

macrumors Haswell
May 3, 2009
73,478
43,405
Isn't there a saying; there's no such thing as bad PR?

I think this could qualify as such, not what Spotify wants to be known for
 

Northgrove

macrumors 65816
Aug 3, 2010
1,149
437
Jesus, that sounds very serious!

Spotify needs to reconsider which kind of ads they allow. Obviously they can't allow anything involving scripts!? The app has to only support static JPEG's, and the JPEG's need to be verified to actually be JPEG's for that matter. If they are blindly trusting ad providers, they are doing it very wrong.
 

ArtOfWarfare

macrumors G3
Nov 26, 2007
9,560
6,059
Not a problem for me since I'm on Spotify Premium, but that sucks.

I'm surprised that they don't seem to vet ads before allowing them to appear.
 
  • Like
Reactions: heffsf

oneMadRssn

macrumors 603
Sep 8, 2011
5,978
13,990
This sort of thing happens more and more often these days. It happened to Forbes, MSN, Reader's Digest, Yahoo, Daily Mail. It's a huge problem on all ad-supported web services, not just Spotify.

Not saying Spotify isn't partially to blame. They chose the advertising partners to work with, and obviously those partners do a piss poor job of vetting ads. Still, this should be a moment to point the pitchforks at the advertising industry as a whole, rather than just Spotify.
 

AngerDanger

Graphics
Staff member
Dec 9, 2008
5,452
29,003
Aside from a free month of Spotify Premium using the iOS app, I've never used the service.

But I am interested to know how the exploit works. Are advertisers given the opportunity to send in an image and URL? If so, perhaps the attack relies on cross-site scripting; part of the URL contains characters that complete the URL (like a single quotation mark) and then adds scripting of its own (e.g. onload="window.location.href='badsite.org'"), so the URL is seen as done and then the rest is treated as a script that runs once the ad element loads on the page.

I'm oversimplifying quite a bit, but you get the idea.
 
  • Like
Reactions: keysofanxiety
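
The attribute-injection scenario speculated about in the post above, shown from the ad-rendering side as an added example; it is not part of the original thread and is not Spotify's code or a confirmed account of this incident. The function names, the ad object shape and the sample URLs are hypothetical and constructed for illustration.

```javascript
// Added example: renderAdNaive, renderAdSafe and all sample values are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Vulnerable pattern: advertiser-supplied strings are pasted into markup as-is,
// so a quote character in the URL ends the attribute and starts a new one.
function renderAdNaive(ad) {
  return `<a href='${ad.clickUrl}'><img src='${ad.imageUrl}'></a>`;
}

// Escape every character that can terminate an attribute value or open a tag.
function escapeAttr(value) {
  return String(value).replace(/[&<>"'`]/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Accept only absolute http(s) URLs; returns the normalized URL or null.
function checkUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return null; // relative or malformed input
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Hardened pattern: validate the URL first, then escape on output.
function renderAdSafe(ad) {
  const click = checkUrl(ad.clickUrl);
  const image = checkUrl(ad.imageUrl);
  if (click === null || image === null) return null; // reject the creative
  return `<a href="${escapeAttr(click)}"><img src="${escapeAttr(image)}"></a>`;
}

// Constructed sample creative mirroring the quote-then-onload trick described above.
const hostileAd = {
  clickUrl: "https://ads.example/landing",
  imageUrl: "https://ads.example/a.jpg' onload='window.location.href=\"https://badsite.example\"",
};
console.log(renderAdNaive(hostileAd)); // onload lands as a separate attribute
console.log(renderAdSafe(hostileAd));  // payload stays inside the src value
```

In the naive output the single quote closes `src` and `onload` becomes a live attribute; in the hardened output the same bytes remain inert inside the quoted, escaped `src` value.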

macduke

macrumors G5
Jun 27, 2007
13,140
19,677
Kinda like when Apple released Maps.
True, except for the fact that Maps didn't infect your device with malware which may lead to your identity being stolen, ruining your credit and/or life until things get sorted out, which can sometimes take months or years (I worked in banking while in college and heard the stories from customers). But you know, who needs perspective anyway?
 
  • Like
Reactions: Mefisto and Watabou

Rigby

macrumors 603
Aug 5, 2008
6,222
10,168
San Jose, CA
Jesus, that sounds very serious!

Spotify needs to reconsider which kind of ads they allow. Obviously they can't allow anything involving scripts!? The app has to only support static JPEG's, and the JPEG's need to be verified to actually be JPEG's for that matter. If they are blindly trusting ad providers, they are doing it very wrong.
They probably get the ads from some advertising network. This kind of thing happens even to the big guys (e.g. Google: http://www.theverge.com/2014/9/19/6537511/google-ad-network-exposed-millions-of-computers-to-malware).

As someone already wrote, the advertisers should not be surprised that more and more people use adblockers. At this point it's a prudent measure of self-defense ...
 

Karma*Police

macrumors 68030
Jul 15, 2012
2,514
2,850
Apple Music should launch a campaign. Switch from Spotify Free and get 6 months of free music during which time, we promise to not infect your Mac!

Not a bad idea... the switch campaign, that is. Apple can do it fairly low key and offer Spotify users an easy way to move their playlists over along with a 6 month free trial to make it painless and risk-free.
 

machpost

macrumors 6502
Jan 28, 2010
420
497
Washington, DC
Speaking of Spotify, has anyone else experienced issues with the web player occasionally not working over the last week or so? It's working for me now, but for how long I don't know.
 

69Mustang

macrumors 604
Jan 7, 2014
7,895
15,043
In between a rock and a hard place
Not a bad idea... the switch campaign, that is. Apple can do it fairly low key and offer Spotify users an easy way to move their playlists over along with a 6 month free trial to make it painless and risk-free.
Not a great idea either. These are the same people who haven't seen fit to pay for streaming services. At the end of 6 months they would most likely move their playlists to GPlay Music for 3 months, then Pandora's paid tier for 3 months, and finally back to Spotify after they've had a year to clean up their advertising program. Chasing customers who don't want to pay is a losing proposition. They're the reason Spotify isn't profitable in the first place.
 