A security breach last week slipped malware from a seemingly harmless ad onto Spotify users' desktop and laptop computers after the Swedish streaming service's in-app ads began delivering unwanted programs to both macOS and Windows users.
Naked Security notes that even though Spotify has repeatedly denied that its database is vulnerable to certain intrusions, hackers have penetrated it yet again.
Spotify's engineers quickly addressed the problem, though, with the company stating in several threads on its Community Forums that they have "identified an issue where a small number of users were experiencing a problem with questionable website pop-ups in their default browsers as a result of an isolated issue with an ad on our Free tier," while continuing to "monitor the situation" in case any other external threat arises.
It's easy enough to tell whether an ad is sketchy, but when bad ads are served by trusted software like Spotify, users let their guard down.
According to Malwarebytes, the technique called "malvertising" is a fairly common practice among black hat hackers. Spotify isn't the first tech firm targeted through its ads. PCWorld reports that even a giant like Alphabet's now-subsidiary Google has been served malware-loaded ads by its partner, Bulgarian advertising firm Engage Lab.
Such exploits are usually detected and prevented beforehand by anti-malware programs and ad-blocking browser extensions. However, it is through social engineering or mass-scale psychological manipulation that most of this malicious software is distributed in the first place.
You need to protect your home (and your ears, in this case) with trusted web security applications, but sometimes what you really need is a fair bit of common sense to not click on that unbelievably appealing ad.