The cybersecurity company ESET warned about a new tactic used by cybercriminals to spread malicious links through the Spotify streaming platform.
Attackers insert these links into the descriptions of podcasts and playlists, taking advantage of the platform’s reputation and high search rate to redirect users to fraudulent sites.
These links promise downloads of cracked software, e-books and virtual currencies from popular online games such as Fortnite, putting the safety of users at risk, according to the firm in a statement.
Spotify has become an attractive target for cybercriminals due to its high number of users, the firm added.
This deception tactic is not new: cybercriminals have long taken advantage of platforms such as YouTube, as well as video game crack and cheat services, to distribute malicious content, according to Camilo Gutiérrez Amaya, head of the ESET Latin America Research Laboratory.
Mode of Operation
The modus operandi observed on Spotify includes the insertion of malicious links in the description of certain podcasts. When searching for cracked software on Google, users may be redirected to Spotify, where they are offered a supposed download of a pirated version of an app, such as iTopVPN.
By clicking on those links, users are directed to a podcast whose seemingly harmless content hides multiple download links for pirated software.
The cybersecurity company analyzed what is downloaded through these links and found that it was a malicious installer (an MSI file).
This type of malware can flood devices with adware, display invasive pop-up advertisements, and redirect users to even more dangerous sites, which can result in downloading more serious malware.
Recently, users on the social network X have reported similar cases of distribution of malicious links in the description of Spotify podcasts, where the links disguise illegal content such as audiobooks or pirated material.
To avoid falling into this type of deception, it is advisable to follow these practices:
- Avoid interacting with suspicious links. If something seems too good to be true, it probably is.
- Report malicious content through the Spotify user support section.
- Use reliable security solutions. Keep the operating system and anti-malware solutions updated.
- Be critical when looking for free content, such as pirated software, free e-books or audiobooks, which are often traps to attract users.