When ads go bad: Spotify ads served malicious content to free users

Grace Macej 7 Oct 2016

Even mainstream platforms like Spotify aren't foolproof against malvertising, as was shown by the provider's recent encounter with malicious ads.

The only thing worse than annoying advertisements is malicious advertisements.

Spotify has recently had a run-in with malicious advertising (malvertising) being served to all users of their free program. While Spotify doesn’t seem like the most likely candidate to be serving up malicious content to its loyal users, malvertising is capable of subjecting many providers to spreading the wrong kind of ads to unknowing victims.

The issue at hand affected free Spotify listeners, regardless of the platform they used. This means that whether they were listening on a Mac, Windows, or Linux, there’s a chance that they could have laid eyes on a malicious ad or two during the time that the malvertising campaign was active. Fortunately, Spotify resolved the issue fairly quickly this time around, as was pointed out by Engadget.

Malvertising can slip onto basically any platform or website that displays ads delivered by advertising networks. These networks provide people or organizations interested in displaying their ads with a fixed volume or time of advertising on platforms or websites. Advertisers can change their ads while they are actively running, especially if they host the ads on their own servers.

If the responsible advertising network isn’t careful, bad-intentioned advertisers could serve malvertising instead of regular ads. While malvertising is usually hosted on sites that provide illegal content, such as torrents or streaming media, it does occasionally make its way onto more mainstream platforms, like Spotify.

Learn how to outsmart spam and phishing scams

Phishing tactics are often used with malvertising and can trick people into giving up sensitive information, like login details or credit card information. The tricky part about malvertising is that it can often infect users without them needing to take any action. Install antivirus software that will catch malvertising before it can do any harm, and be cautious when entering personal information on the web. Here’s how you can protect yourself against phishing attempts:

  • Install antivirus software that can stop phishing and spam in their tracks. Avast Internet Security, one of our premium products, features top-tier phishing and spam detection.
  • Pay attention to the log-in page’s location. The first thing is to realize where a site’s log-in process is located. In this example, the first red flag is the website domain – it obviously doesn’t belong to Avast. Unfortunately, there is no secure protocol that exists as today's standard in log-in processes. This makes it especially important to keep your eyes peeled when providing log-in info to any website.
  • Legitimate links don’t always ensure safety. Cybercriminals also try to use legitimate links within phishing scams. These authentic links can be mixed in with links to a fake phishing website in order to make the spoof site appear more realistic.

Image via The Next Web
