ESET, a proactive threat detection company, warns that cybercriminals are using Spotify to disguise malicious links in the descriptions of podcasts and playlists, taking advantage of the platform's reputation and the high ranking its pages receive in search results. These links lead to fraudulent sites that promise downloads of cracked software, e-books or virtual currency for online games such as Fortnite. One of the platform's attractions for attackers is its reach: more than 600 million users worldwide, 22 percent of them in Latin America.
“From ESET we have already warned on other occasions about how these types of threats are hidden in stolen YouTube accounts, in cracks and cheats for video games, or are disseminated in the descriptions of YouTube videos. This is a practice that is always in force, as it takes advantage of the general interest in free content and software, benefiting from the better positioning in search results given by these well-known pages”, explains Camilo Gutiérrez Amaya, head of the ESET Latin America Research Lab.
As can be seen in the image below, a Google search for a specific crack returns results that lead directly to Spotify, including a link that promises a pirated version of the application:
Following the link for the supposed iTopVPN crack leads to a podcast whose description contains several links to download the promised crack, hosted on a popular cloud storage service.
The ESET team analyzed the files downloaded through this route. The VirusTotal results show that the file is an installer (an MSI file) that security solutions, including ESET's, detect as malicious. The detection corresponds to malicious code that installs adware, which floods the device with pop-up advertisements and redirects the browser to malicious sites, and can ultimately lead to the download of more dangerous malware.
A few weeks ago, several users of the social network X reported other examples of this distribution method, having found malicious links in the descriptions of a number of Spotify podcasts. The links pose as downloads of audiobooks or similar pirated material.
If a user finds a description on the platform that leads to a fake link, or that promotes illegal or pirated content, one way to report it is through the user support section of the app itself.
ESET recommends following a series of good practices to reduce the risk of falling into this type of deception:
- Avoid interacting with suspicious links. If something looks too good to be true, it is most likely a hoax.
- Report malicious content through the platform's support channels.
- Use reliable security solutions. Keep your system and anti-malware solution up to date and scan downloaded files before opening them.
- Be critical when searching for free content. Links to pirated software, free e-books or audiobooks are a common lure.
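As an added example (not ESET's code and not from the original article), the following Python script performs the check recommended above on a downloaded file before it is opened: it hashes the file, identifies its real format from the leading bytes rather than from the file extension, and builds the public VirusTotal lookup URL for the hash so existing detections can be reviewed without uploading anything. The sample bytes are constructed for illustration and the file names are hypothetical.

```python
"""
Triage a file downloaded from a link in a podcast description before opening it.
Added example (not ESET's code, not from the original article). Assumptions,
labelled here: the sample bytes below are constructed for illustration, and the
VirusTotal URL is the public per-hash page, used so a practitioner can check
existing detections without uploading the file.
"""
import hashlib
import os

# OLE2 / Compound File Binary signature shared by .msi installers and legacy Office files.
CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# DOS/PE executable stub ("MZ") and ZIP local-file header.
PE_MAGIC = b"MZ"
ZIP_MAGIC = b"PK\x03\x04"

# Constructed sample content: not real malware, just the signatures plus padding.
SAMPLE_MSI = CFB_MAGIC + b"\x00" * 24
SAMPLE_PE = PE_MAGIC + b"\x90" * 30


def detect_format(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name entirely."""
    if data.startswith(CFB_MAGIC):
        return "msi/ole2"
    if data.startswith(PE_MAGIC):
        return "pe"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"


def virustotal_lookup_url(sha256_hex: str) -> str:
    """Public VirusTotal page for a hash; visiting it does not upload the file."""
    return f"https://www.virustotal.com/gui/file/{sha256_hex}"


def triage(name: str, data: bytes) -> dict:
    """Hash the download, identify what it really is and list warning signs."""
    ext = os.path.splitext(name)[1].lower()
    fmt = detect_format(data)
    digest = hashlib.sha256(data).hexdigest()
    findings = []
    # An "e-book" or "audiobook" that is actually an installer is the lure described above.
    if ext in (".pdf", ".epub", ".mp3", ".txt") and fmt in ("msi/ole2", "pe"):
        findings.append(f"extension {ext} but content is {fmt}")
    # A supposed MSI that is not an OLE2 container is equally suspicious.
    if ext == ".msi" and fmt != "msi/ole2":
        findings.append(f"extension .msi but content is {fmt}")
    if fmt in ("msi/ole2", "pe"):
        findings.append("executable installer: scan before running")
    return {
        "name": name,
        "format": fmt,
        "sha256": digest,
        "virustotal_url": virustotal_lookup_url(digest),
        "findings": findings,
    }


def triage_file(path: str) -> dict:
    """Same check for a file on disk (read fully; these downloads are small)."""
    with open(path, "rb") as f:
        return triage(os.path.basename(path), f.read())


if __name__ == "__main__":
    # Hypothetical file names in the style of the lures discussed in the article.
    for name, data in (("iTopVPN_crack.msi", SAMPLE_MSI), ("audiobook.mp3", SAMPLE_PE)):
        r = triage(name, data)
        print(r["name"], r["format"], r["sha256"][:16], r["findings"])
        print("  check:", r["virustotal_url"])
```

Point `triage_file` at a real download to get the hash and the VirusTotal page to review; the script deliberately never executes or unpacks the file, and a clean VirusTotal result is a starting point, not a guarantee, since a freshly built installer may have no detections yet.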
“Cybercriminals adapt their strategies to reach users and try to trick them. Using legitimate platforms such as Spotify, which index better in web search engines, is one of their strategies to distribute malware. It is important to remain alert, avoid downloading software from unofficial sources and never click on dubious links”, says the ESET researcher.