Spotify misused for scams and malware

Scammers are leveraging Spotify’s playlist and podcast features to target unsuspecting users with malware and phishing schemes.

Scammers are misusing Spotify’s playlist and podcast features to promote pirated software, malware, and phishing schemes. By embedding popular search terms like ‘free download’ or ‘crack’ in playlists and podcast titles, these bad actors ensure their spam appears in Google search results. Users who click on these links often land on unsafe sites designed to install malicious software or steal personal data.

The schemes include playlists and short podcast episodes featuring synthetic voice prompts that redirect listeners to risky external sites. These scams exploit Spotify’s trusted reputation and indexed pages to rank high in search results. Scammers profit through ad clicks, fake surveys, and affiliate links while spreading malware or engaging in phishing attempts.

Experts warn users to avoid clicking on suspicious links, verify playlist or podcast creators, and stick to official sources for downloads. Spotify and search engines like Google face calls to strengthen safeguards to prevent misuse of their platforms. In the meantime, users are encouraged to report fraudulent content and use antivirus software to stay protected.