Popular music-streaming service Spotify has been serving up malware-laden ads on some users' computers, according to multiple customer reports on its community forums and social media. Users have reported that ads running on Spotify Free, the Swedish company's free product, have been automatically launching malicious websites on their desktops without their permission.
The issue was first reported on Tuesday (4 October) by user Tonyonly on the Spotify community forum.
"If you have Spotify Free open it will launch - and keep on launching - the default internet browser on the computer to different kinds of malware/virus sites," tonyonly wrote in his user report.
Another user said the suspicious pop-ups "seems to be injected through ads" on Spotify's free service. However, the user did not experience the same problem on another account.
Multiple users soon took to Twitter as well, claiming to have experienced similar issues where browsers on Windows 10, MacOS and Ubuntu were all launching and churning out the suspect ads. Some of the ads popping up in the default browser would also reportedly not require user input for the virus to infect a system. Rather, a questionable ad would simply appear in the browser and immediately start to compromise the system.
Spotify confirmed the issue in a statement saying they have "identified the source of the problem and have shut it down".
"We've identified an issue where a small number of users were experiencing a problem with questionable website pop-ups in their default browsers as a result of an isolated issue with an ad on our Free tier," Spotify said. "We will continue to monitor the situation."
However, the company did not specify any further details about the issue.
This isn't the first time the music-streaming service has had to deal with malware-ridden ads.
In 2011, Spotify issued a public apology after a malicious ad that appeared directly in its Windows desktop software installed a fake 'Windows Recovery' anti-virus program onto some users' machines. The company was quick to respond to the incident and resolve the issue.