Spotify is a great way to access music for a monthly fee, without pirating. That’s apparently not stopping some people from using it to pirate stuff that’s not music.
Spotify, the popular music streaming platform, is being exploited to distribute pirated software, game cheats, and spam links. Threat actors are taking advantage of Spotify’s search engine optimization (SEO) by injecting keywords and links into playlist names and podcast descriptions. These tactics boost the visibility of their malicious websites in search engine results.
One example involved a playlist titled “Sony Vegas Pro 13 Crack…” which directed users to websites offering pirated software. These websites, like all websites where you typically grab pirated software, often contain malware or lead to scam sites. Additionally, the tactic improves the search engine ranking of these shady websites, increasing their visibility to unsuspecting users. All a user needs to do is search for one of these playlists and click on the description. Spotify has acknowledged the issue and removed this particular reported playlist, but there could be more. A spokesperson stated that the company’s platform rules prohibit the promotion of malware or malicious practices.
The problem extends beyond playlists. Numerous podcasts with short, synthesized speech episodes promote spam links, “torrents,” and scam Telegram channels. These podcasts often advertise ebooks or game cheat codes, directing users to pages filled with ads, surveys, and potentially harmful downloads. We’ve also seen some fake audiobooks being uploaded as podcasts.
Many of these malicious podcasts are published via third-party services like Firstory, which offers podcast hosting and distribution. While Firstory has implemented security measures like email verification and keyword scanning to prevent spam, threat actors continue to find ways to exploit the platform.
We don’t know the full extent of the problem, but it looks like it’s been going on for a while. Spotify will, hopefully, step in and address the issue soon.
Source: Bleeping Computer