Over the past few weeks, users have been reporting that advertisements inherent in the free version of Spotify have been leading to malware links and even automated malware downloads on a handful of user’s devices. For those who are unaware, Spotify provides its free music streaming service by interrupting streams between songs with commercials and clickable links. The ad revenue generated by this practice makes up for the money lost in allowing the option of free usage of the service.
This practice, known as “Malvertising”, has hit numerous companies since the inception of “free” subscriptoin options became popular a few years ago. Yahoo, the New York Times, and BBC are three major entities that have been hit by malware-infected advertisements. The problem is relatively common because ad space is typically sold via third-party auctioneers to the highest buyer. If malicious code makes its way through the auctioning process, then it can potentially bypass the screening of the site that it will be advertised on.
Spotify claims that it has looked into the situation and has removed the malicious advertisements but the safest bet for users is to fork over the cash to unlock the premium service.