SPOTIFY TAKES ACTION AFTER ADVERTS SEND USERS’ BROWSERS TO MALWARE
Spotify was forced to take action last night after users realised adverts on the music service were directing them to malware.
User tonyonly posted a report to Spotify’s community page claiming that promotions on Spotify Free kept sending his browser to “different kinds of malware/virus sites”.
Although his post suggested the issue was occurring on Windows, it was also reported to be putting users at risk on other platforms, including Ubuntu and macOS.
However, Spotify later said it had dealt with the issue and was keeping an eye on it.
“A small number of users have experienced a problem with questionable website pop ups in their default browsers as a result of an isolated issue with an ad on our free tier,” it said. “We have now identified the source of the problem and have shut it down.
“We will continue to monitor the situation.”
It is fairly common for well-known advertising platforms to serve adverts that send users to malware and viruses, and security experts say it is something businesses need to consider.
“We’ve seen an increase in malvertising of this kind,” said Rahul Kashyap, executive vice president and chief architect at Bromium. “Last year, our threat sensors found over a quarter of the Alexa 1,000 websites were delivering malware via malicious advertisements.
“This is something that enterprises need to think about, as users see their desktops as personal devices. Threats like these will always find their way into the corporate network. Unless you completely lock down users’ desktops, which isn’t practical, you will always experience user-introduced vulnerabilities.
“Instead of trying to change human behaviour, companies should accept that users are always going to be the weakest link in the security chain.
“The trick is to contain the threat, so the enterprise isn’t placed at risk. The ideal way to do this is to shrink the attack surface by isolating the endpoint so doing things like clicking on links or downloading documents is contained.
“Then, even if that action introduces malware, it can’t go beyond that point.”