Users of the free, ad-supported version of Spotify’s music streaming client have been at risk from a malware attack, it has emerged.
The Register reports that ‘trojan horse’ malware has been deposited on users’ computers via a Java-based exploit, seemingly linked to third-party display ads within the app. According to Netcraft, AVG anti-virus software has identified the payloads as including a trojan called Generic_r.FZ and a Blackhole Exploit Kit hosted on the uev1.co.cc domain.
Only Windows users appear to have been affected. Virus warnings linked to the app have been picked up by the JANET academic network, which is used by universities across the UK.
Spotify tells us that it is currently investigating the reports and has removed all third-party display ads that could have caused the problem until the specific advert is located.
We will update with more information as it becomes available.
UPDATE: Spotify tells us:
A number of our Spotify Free/Open users in the UK, Sweden, France and Spain running Windows were targeted by a virus contained in an advert which began running yesterday evening.
We quickly removed all third party display ads in order to protect users and ensure Spotify was safe to use. We then isolated and removed the malicious ad. Users with anti-virus software will have been protected.
We sincerely apologise to any users affected. We’ll continue working hard to ensure this does not happen again and that our users enjoy Spotify securely and in confidence.