Spotify has allowed malicious advertisers to use the Spotify platform to infect unaware Spotify users. The image above was taken on 8/5/2015 and it clearly shows a malicious advertisement at the bottom of the screen.
The advertisement claims that I have won an iPhone and that I can claim it. Besides claiming to be an “important message”, it also moves continuously within its advertisement box, making it a very intrusive advertisement.
Once clicked it redirects the user to the following domain:
hxxp://myperfectmobile.net/prelanders/a-nexus/wp/NL/ihone_6/win-iphone_NL_split.php?offer_id=22451&aff_id=192&aff_sub=fra1CI7H1ZTSpJWSdhACGKePsJj2ope0eCIMMzEuMjAxLjE0OS4wKAEwxsuIrgU
The site claims that I have won a prize, and that I simply need to provide my “personal” information, so that they can send the device to my address.
Fuck off, stupid malvertisement!
This is just another method for cybercriminals and scammers to harvest information which they can use in their attacks or schemes. Never give out your personal information to surveys on the internet. You never know who is going to receive that information.
I strongly urge everyone to be aware when using the Spotify application. Spotify is not performing any audits on the advertisement networks which are granted access to the Spotify free advertisement blocks.
The sad thing is that only the ESET AV claimed that it is a suspicious site; all the other AV vendors claim that it is a clean site. Well, it can be clean, but it is certainly harvesting personal information from unaware users.