We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Spotify targeted by 'Blackhole' malware ads

Rogue ad appears in music streaming app

Popular music streaming site Spotify has been spotted serving the same fake antivirus software campaign that compromised large numbers of UK servers in February, security companies have reported.

According to Websense, from 11.30am GMT on 24 March, an unknown number of users of the ‘Free’ version of Spotify’s Windows desktop app were served one of a range of possible remote software exploits through a rogue advert running inside the application itself.

On unpatched systems where this behaviour was not detected by antivirus software, a bogus security application called ‘Windows Recovery’ would then have run. As with all apps of this kind Windows Recovery eventually pretends it has found a number of errors on targeted Windows PCs that must be fixed by taking out a license.  This licence is as useless as the software itself.

Disturbingly, the ad does not require any user interaction to test the exploits against the system, and runs itself simply because the Spotify application has been loaded. The only Spotify users definitely not affected are paid subscribers whose clients do not display in-app advertising or those users who did not encounter it as the ads cycled. Mobile clients would not be affected.

Spotify later turned off ads while it searched for the root of the problem, which have yet to be turned back on for all users as of 28 March.

According to Avast, 59 percent of those encountering the ad were in Sweden, 40 percent in the UK, and 1 percent in other countries.

The malware engine serving the exploits is believed to be based on based on the Russian Blackhole Exploit Kit, a recent and little-known program that is proving suddenly very popular with rogue antivirus pushing criminals.

Last week, security company AVG said it had detected a large campaign built using this kit and directed against UK Internet users specifically.

IDG UK Sites

What is Google Photos? How to back up and share all of your photos for free

IDG UK Sites

Why I think the Apple Watch sucks and you'd be mad to buy it

IDG UK Sites

Swatch launches a colourful smartwatch

IDG UK Sites

New Apple TV 2015 release date rumours: TV streaming service delayed, hand gesture interface being...