Spotify under fire: Are we entering a new era of malvertising?

pandasecurity-antivirus-spotify

Tips to protect your personal data on online music streaming platforms like Spotify

Malvertising – yet another offspring of the online advertising, has been around since 2008. However, in 2016 we’ve been observing more and more creative ways of hackers trying to compromise your system by injecting malicious or malware-laden advertisements.
They are getting so creative that infected adverts are no longer a threat that comes only from questionable torrent websites.

There are reported cases of malicious codes being able to sneak up into your devices from reputable online advertising networks and webpages. A few days ago even Google acknowledged a fault in their Chrome browser – as reported by Ars Technica, over a two-month span starting in August 2016, a malicious advertising campaign downloaded the Banker.AndroidOS.Svpeng banking trojan on about 318,000 android devices. Even though the malicious installation files were not automatically executed, they have been named names such last-browser-update.apk and WhatsApp.apk – file names that could have been easily mistaken for legitimate ones.

Spotify was recently under fire too – multiple sources such as Engaged confirmed some listeners got not just free music but malicious code too. Some of the confirmed cases state files didn’t even have to be executed in order to cause damage. All three major platforms have been targeted – Linux, Mac and Windows. It is not yet confirmed if the code has been able to affect all three platforms.

How is this happening?

It’s not yet that hard to get unnoticed. All reputable advertising networks have strict guidelines for organizations interested on working with them. However, even though advertisers pass rigorous checks, in some cases advertisers can modify the ads after they have been approved. This is particularly easy when the ads are hosted on their own servers. Therefore, seeing a malicious ad should not surprise you and you will have to be prepared.

How do we stop it?

There is a simple way to not be a victim – remain vigilant. Hackers are after your credit card information, social security number, address and personal information. Just don’t share this information with them! Phishing tactics are getting more and more advanced and you need to stay on top of your game – here’s how;

  • Don’t be afraid to install antivirus software on your device. You don’t drive your car without a car insurance, do you? Why would you leave your cell phone, PC and/or Mac vulnerable to threads without any type of backup? The best way to know if you are being targeted is to have the software that would sound the alarm if there is any suspicious behaviour around your connected devices. Panda’s Internet Security is a must and it comes with 1 month free trial.
  • Remain vigilant – even if you are protected, phishing emails could be so well done and could take you to spoof sites that may look as good as the original ones. Always check the URL you are on and make sure you double and triple check the page location if you are being asked to provide your login details or to reset a password. You may be in the wrong place!
  • Don’t use the same password over and over again – as we reported, millions of passwords have been stolen over the last years that it is very likely your username and password are in someone’s database already. Using the same password is similar to not changing the lock after purchasing a condo, you literally don’t know who else already has a key. Don’t test it, better be safe than sorry!

The post Spotify under fire: Are we entering a new era of malvertising? appeared first on Panda Security Mediacenter.

Leave a Reply