Spotify has become the latest tech giant to succumb to security issues as it was discovered that the free version of its service had been directing PC and Mac users towards websites filled with malware.

Although Spotify has since fixed the problem, a number of users from its community forum were reporting that virus-infected pop-up websites were appearing as they listened to music.

In a statement, the music streaming company said: “We have now identified the source of the problem and have shut it down.”

It continued, saying that a “questionable website pop-up” had only affected a “small number of users”.

Despite this, it is not the first time that Spotify has accidentally distributed malware-infected content through its advertising, as in 2011, it was hit by a malware attack that prompted users to install a fake ‘Windows Recovery’ anti-virus programme.

This week’s issue involved a single advert on the platform.

Since launching in 2008, Spotify has enjoyed a user base of 40 million subscribers, with around 10 million using the free streaming option.

Cybersecurity experts have warned that the practice of “malvertising” is on the increase globally, with around a quarter of the world’s 1,000 most visited websites having delivered malware through malicious advertisements in 2015.

Both windows and Mac computers were at risk.
Both windows and Mac computers were at risk.

Malvertising involves the injection of malicious malware-laden advertisements into legitimate websites and ad networks.

The advertisements therefore provide a platform for spreading malware, which can be inserted into highly reputable websites.

Unfortunately, this allows malefactors to push attacks to users that might not otherwise see such malvertisements.

Although the tactic has been around for some years, with 10 million ad impressions found compromised by malvertising in 2012, it is relatively little known and very hard to combat.

Speaking to the BBC, Jan Zika from Avast said:

Malvertising can slip onto any platform or website that displays ads delivered by advertising networks.

While malvertising is usually hosted on sites that provide illegal content such as movie downloads, it does occasionally make its way on to more mainstream platforms, such as Spotify.

Users should install antivirus software that will catch malvertising before it can do any harm.

A great number of users took to Twitter to express their frustration and the news has since hit the headlines with The Inquirer running the headline: “Spotify beats Apple and U2 at the crap download game with free malware.”

Here at SALT we are experts in website security and have assisted a range of clients with online security issues.

If you would like to know more about how we could help with your website, feel free to get in contact.

Spotify has since removed the accused advertisement.