Spotify Has A Pirated Software Problem (404media.co) 22
An anonymous reader shares a report: People are using Spotify playlist and podcast descriptions to distribute spam, malware, pirated software and cheat codes for video games. Cybersecurity researcher Karol Paciorek posted an example of this: A Spotify playlist titled "*Sony Vegas Pro*13 C-r-a-c-k Free Download 2024 m-y-s-o-f-t-w-a-r-e-f-r-e-e.com" acts as a free advertisement for piracy website m-y-s-o-f-t-w-a-r-e-f-r-e-e[dot]com, which hosts malicious software.
"Cybercriminals exploit Spotify for #malware distribution," Paciorek posted on X. "Why? Spotify has a strong reputation and its pages are easily indexed by search engines, making it an effective platform to promote malicious links."
"The playlist title in question has been removed," a spokesperson for Spotify told 404 Media in a statement. "Spotify's Platform Rules prohibit posting, sharing, or providing instructions on implementing malware or related malicious practices that seek to harm or gain unauthorized access to computers, networks, systems, or other technologies."
Except... (Score:1)
Except a link to a license key doesn't do any of that.
Re:Except... (Score:5, Informative)
Most of these sites contain malware in everything from ad banners to the download link to the said key.
Re: (Score:3)
Except a link to a license key doesn't do any of that.
Literally none of what is posted on there is just a link to a license key. The content posted in this way is universally riddled with malware.
Wow (Score:3)
I've seen some stupid ways to promote malicious websites, but this may be the stupidest one yet. Anyone who would see something like that and then go to that website deserves whatever happens to them. Those people shouldn't be allowed to have technology in the first place.
Re: (Score:2)
I'm kind of surprised nobody has come up with a malformed mp3 that does something like encode pirated software or other messages directly into the music; then get patriotic singers from whatever country to participate in spreading information by selling tracks on Spotify.
Streaming vs steganography (Score:2)
malformed mp3 that does something like encode pirated software or other messages directly into the music;
The problem is that steganography requires, obviously, access to the music data (e.g. an MP3 file) so you can open it with the tool and decode/extract the hidden data.
And modern streaming platforms try to hide the data as much as possible from the end user (as in you get a nice "play" button in the app, AAC encoded audio is directly streamed to your wireless earbuds but there's no way to save the file and open it in another app - short of having a rooted phone and using special tools to intercept that data an
Re: (Score:2)
Any stream you can receive, you can save. It's pretty easy to watch the network traffic coming in to your own computer.
Spreading (Score:2)
Any stream you can receive, you can save. It's pretty easy to watch the network traffic coming in to your own computer.
Apple, Google and several others strongly disagree on the subject whether your smartphone qualifies as your own computer.
Yes, there are ways with which you, I, and most of the people here on /. could capture data which is streamed (ignoring for now the problems around encryption and DRM).
But Random Joe 6-Pack only knows to tap the button on the smartphone app to listen to music. Do not count on them to be able to do all the tricks to get steganography working.
And that will severely limit how wide said patriot
Re: (Score:2)
Yeah, but Random Joe 6-Pack (or for that matter Guido the Enforcer) doesn't need to know how the magic works to get the message. He just needs a side-loaded app that allows him to tune in to the message.
Re: (Score:2)
To be fair, it works even better if people write articles detailing the links that these exploits point to. The next article will be "people use 404media articles to amplify the distribution of pirated software, malware cracks etc" followed by "people use slashdot articles ..."
Re: (Score:3)
Eh, for all the problems it poses, I'd hesitate to say that "it's stupid" is one of them. Spotify ranks rather well on Google, so it's a great (but evil) way to ride Spotify's tailcoat and get your malware links seen.
Re: (Score:2)
It's still stupid, because literally only the stupidest of the stupid people (or weird malware researchers, but they don't count) would ever visit any of those malware links. It pains me that there are people that it does work on and that those people are allowed continued access to technology they don't understand or even appreciate.
Stop citing 404media (Score:1)
Stop citing IT-Clickbait.
Promoting Malware? (Score:2)
Malware promoting malware, checks out!
Spotify has a content upload problem (Score:2, Troll)
Seriously they need to start introducing some level of filtering into what people upload. This link spam is just the latest problem. They also suffer with actually pirated music being uploaded, AI trash being uploaded, fake band names attempting to generate plays by imitating real bands, it's becoming a cesspool.
Re: (Score:2)
cesspool
what % of the platform is the content you mention? I use Spotify the majority of my conscious hours and encounter nothing but smooth sailing.
AI trash
Related, this is the AI garbage for sale [temu.com] being shown in ads on /. So far, slashdot is looking more like the cesspool than Spotify. Not saying the things you mentioned don't exist on Spotify - it's not news to me at all. Just wondering what % of the time it is in front of you.
Re: (Score:2)
The percentage is small, but then everything is small when you have a catalogue of 100 million songs. I've come across a completely fake album before. Had to do a double take when I realised the band sounded completely different.
We even covered this here https://entertainment.slashdot... [slashdot.org]
But there's been plenty of other stories with various publishing dates over the past few years https://www.theverge.com/2024/... [theverge.com] https://blog.negativewhite.com... [negativewhite.com]
Re: (Score:3)
Spotify is a cesspool even for artists, who get pennies on the millionth view or whatever. It shouldn't have existed, but it does because it does a better job of separating artists from the cash generated by the art. It's built on the premise of throwing more to the industry than to the creators. It's just grabbing at every possible way to do that now, with as little human interaction as possible. It's custom made for digital fraud, and now it's starting to pay off in this type of bullshit.
advertise != distribute (Score:5, Insightful)
Spotify is not distributing anything. People are using plain-text playlist titles to advertise their shitty websites, just like they can do with ANY website that allows users to enter plain-text that others can read, including this one. By the way, the REAL site for *Sony Vegas Pro*13 C-r-a-c-k Free Download is goatse[dot]cx
Comment Subject: (Score:1)
*every editable text field on the internet has a pirated software problem
Is this 1999? We're headlining that spambots dump crude links? Even /. has them
Hell, here, have a goat[dot]cx on the house.
Meanwhile... (Score:3)
"The playlist title in question has been removed," a spokesperson for Spotify told 404 Media in a statement.
Meanwhile the other 2,646,318 'titles' are still there.
Good job, Spotify, that's so inspiring, keep up the good work...
Spotify hosts ... (Score:3)
Of course, podcasts could bypass this by streaming spoken word instructions as to where to download the illicit stuff. But recognizing music should be relatively simple*, as BMI and ASCAP already have clients piggy-backed on phone apps that can recognize their content, capture the location and send a bill to a bar or dance club that isn't paying their fees.
*Sorry. The "not music, deleted" rule will knock rap recordings off the 'Net. But that's a small price to pay in the grand scheme of tings.