Spotify hit by malicious ads

Warwick Ashford

Spotify, the popular streaming music service, has been displaying malicious advertisements to users of its Free version, warns security firm Websense.

The ads lead to websites that use the Blackhole Exploit Kit to infect users with the Windows Recovery fake anti-virus (AV) application.

Malvertising is nothing new, but this case is slightly different, says Patrick Runald, of Websense Security Labs.

Usually malicious ads are displayed as part of a website and viewed with the browser, but in this case the malicious ad is displayed inside the Spotify application. It also appears to be targeting only users in the UK and Sweden.

"This means that it is enough that the ad is just displayed to you in Spotify to get infected, you do not even have to click on the ad. So if you had Spotify open, but running in the background, listening to your favourite tunes, you could still get infected," according to Runald.

Once the ad is displayed, it connects to hxxp://uev1.co.cc, where the exploit kit tries several vulnerabilities, including a vulnerability in Adobe Reader and Acrobat, to infect the user.

The IP address where the malicious content is hosted is well-known, and Websense Security Labs has seen it host the same exploit kit on other domains.

The fake AV installs a rootkit, a type of malicious software, which only four out of 43 antivirus engines detect, according to VirusTotal.

Spotify removed all third-party ads in the free version while it carried out an investigation, but the ads have now been turned back on, said Websense.

