This past week, Spotify thwarted a malvertising campaign that affected customers of its free tier, bombarding some users with annoying popups that tried to push malware.
First signs that something was off appeared on Tuesday, October 4, when users complained on the Spotify forums. A day later, some reports started surfacing on Twitter as well.
Users said the Spotify client app was unexpectedly opening a browser to a specific URL that showed a popup window. The popup was trying to lure users into downloading a software package laced with malware.
Complaints came from Linux, Mac, and Windows users. The issue was active only for users of the Spotify Free tier, which allows users to listen to a limited set of songs, with the trade-off that the company shows ads once in a while.
A day later, Spotify narrowed down the source of the problem to a series of rogue ads.
“We’ve identified an issue where a small number of users were experiencing a problem with questionable website pop-ups in their default browsers as a result of an isolated issue with an ad on our Free tier. We have now identified the source of the problem and have shut it down. We will continue to monitor the situation. If you see this issue again, please let us know the exact date and time in this thread.”
Events like these had happened before to Spotify Free users, and Spotify isn’t the only online service affected by malvertising campaigns.
While ad-blocking browser extensions hurt the online economy and the revenue stream of small websites, they are also the only known methods that can block online malvertising campaigns.
Unfortunately, ad blockers can’t protect Spotify users. If the mysterious popups persist, users should uninstall the Spotify client until the issue gets resolved.