Spotify playlists abused
Photo Credit: Spotify
Spotify’s playlists and podcast pages are being abused by spammers to link to
pirate websites offering games, ebooks, and other downloads. Here’s a closer
look at this growing exploitation.
Spotify’s webpage at ‘open.spotify.com’ is essentially the web version
of Spotify and, as such, it is highly indexable by search engines like
Google. That open door is now becoming a seriously exploited
vulnerability.
According to details now emerging, spammers are injecting keywords into
playlist and podcast titles to advertise pirated games, books, and
movies for download. Google then indexes these Spotify pages and
delivers them as top results when anyone searches those specific
keywords.
BleepingComputer reports that playlists with the title ‘Sony Vegas Pro
13 Crack’ appeared on the platform before Spotify removed them.
“Cybercriminals exploit Spotify for malware distribution,” Karol
Paciorek, a cybersecurity enthusiast, told BleepingComputer. “Why? Spotify
has a strong reputation and its pages are easily indexed by search
engines, making it an effective platform to promote malicious links.”
When the playlist was brought to Spotify’s attention, it was quickly
removed. But numerous playlists with words like ‘free download’ and
‘download epub’ still exist and are being spammed across Spotify to
promote links to these pirate websites.
Digital Music News was able to find entire podcasts that were only six
seconds long, but with titles like ‘epub download The Moonlight Blade
by Tessa Barbosa’ and another that offers a link to Jennette McCurdy’s
critically acclaimed memoir, ‘I’m Glad My Mom Died.’
“Spotify’s [1]platform rules prohibit posting, sharing, or providing
instructions on implementing malware or related malicious practices that seek
to harm or gain unauthorized access to computers, networks, systems, or other
technologies,” a Spotify spokesperson told Digital Music News. While that may
be against Spotify’s terms of service, these spammers are nevertheless
engaging in a concerted effort to spread links to pirate websites.
BleepingComputer noticed that many of the spam podcasts uploaded to
Spotify appear to be provided by a third party: Firstory Hosting.
Firstory launched in 2019 as an online distributor for podcasters to
distribute their work to several different platforms. Firstory
[2]confirmed to BleepingComputer that combating spam distribution is an
“ongoing challenge” for the distributor.
“Anyone can use our platform to publish podcasts on Spotify. However,
we do have certain filters in place to prevent accounts using specific
fraudulent domains or email addresses containing variations. These spam
accounts not only violate the rights of the creators we value most, but
they also drive up our operational costs,” a Firstory representative
says. “We’ve dedicated considerable resources to addressing this
issue.”
Firstory says it scans podcast titles and show notes for specific
keywords like ‘epub,’ ‘PDF,’ and ‘download’ to prevent the distribution of
spammy content. Yet Digital Music News was able to find several
instances of podcasts hosted on Spotify offering free downloads of
ebooks and other content. Simply searching the phrase ‘epub’ on
Spotify’s podcast page turns up hundreds of spam results on the first
page. So Spotify not only has a problem with [3]spammers sending ‘fake
music tracks’; its podcast interface is also under attack.
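The keyword scan Firstory describes, written here as an added example rather than Firstory’s or Spotify’s actual filter: it normalizes titles and show notes before matching, so that spacing, punctuation and fullwidth characters do not hide a keyword, and it uses the six-second episode length noted above as a second signal. The weights, threshold and function names are assumptions.

```python
import re
import unicodedata

# Keywords quoted in the article; weights and threshold are assumptions.
KEYWORDS = {"epub": 2, "pdf": 1, "download": 1, "free download": 2}
SHORT_EPISODE_SECONDS = 10  # assumption; the article describes six-second podcasts
THRESHOLD = 3

# Zero-width characters that can be inserted to split a keyword invisibly.
_ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff"))


def normalize(text):
    """Fold case and compatibility forms, then undo separator tricks."""
    text = unicodedata.normalize("NFKC", text).translate(_ZERO_WIDTH).casefold()
    # Punctuation and symbols become single spaces.
    text = " ".join(re.sub(r"[^a-z0-9]+", " ", text).split())
    # Re-join runs of single characters: "e p u b" -> "epub".
    return re.sub(r"\b(\w) (?=\w\b)", r"\1", text)


def score(title, notes="", duration_s=None):
    """Return (score, reasons) for one episode record."""
    haystack = f" {normalize(title)} {normalize(notes)} "
    total, reasons = 0, []
    for keyword, weight in KEYWORDS.items():
        if f" {keyword} " in haystack:  # whole-word match only
            total += weight
            reasons.append(f"keyword:{keyword}")
    # A very short episode only counts when a keyword already matched,
    # so legitimate trailers are not flagged on length alone.
    if total and duration_s is not None and duration_s <= SHORT_EPISODE_SECONDS:
        total += 2
        reasons.append("short-episode")
    return total, reasons


def is_spam(title, notes="", duration_s=None):
    return score(title, notes, duration_s)[0] >= THRESHOLD
```

A single keyword stays below the threshold, which keeps ordinary episodes that merely mention a PDF or a download out of the review queue.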
References
1. https://www.spotify.com/us/safetyandprivacy/platform-rules
2. https://www.bleepingcomputer.com/news/security/spotify-abused-to-promote-pirated-software-and-game-cheats/
3. https://www.digitalmusicnews.com/2023/05/09/spotify-boomy-songs/