
Fake Microsoft Store, Spotify Distribute Malware to Steal User Data


Attackers are promoting sites that imitate the Microsoft Store, Spotify, and an online document converter to spread malware that steals credit cards and passwords stored in web browsers. ESET, a cybersecurity company, detected the attack and posted an alert on Twitter to be on the lookout for the malicious campaign. 

On both desktops and mobile devices, Windows remains exposed to a significant number of malware threats, more than its peers and competitors. Despite the official app store, it is almost too easy to infect a Windows PC merely by installing an app. Microsoft advises users to download applications only from the company's official channels, but some attackers take advantage of this by posing as legitimate companies. Microsoft Store is an online store that sells Microsoft products.

According to Jiri Kropac, ESET's Head of Threat Detection Labs, the attack is carried out through deceptive ads that promote what appear to be legitimate applications. One of the ads used in this attack, for example, promotes an online chess game. Users who click on the ad are taken to a fake Microsoft Store page for a fake 'xChess 3' online chess application, which is automatically downloaded from an Amazon AWS server.

According to an Any.Run report created by BleepingComputer, the downloaded zip file is called 'xChess' [VirusTotal] and is actually the 'Ficker', or 'FickerStealer', information-stealing malware in disguise. Other ads from this malware campaign imitate Spotify or an online document converter. Their landing pages can also download a zip file containing the Ficker malware when you visit them. When a user unzips the file and runs the executable, they are not greeted by a new online chess program or the Spotify software; instead, the Ficker malware runs and begins stealing the data stored on their device.

Ficker is a data-stealing Trojan that was first posted on Russian-language hacker forums in January before the developer started renting it out to other threat actors. Threat actors will use this malware to steal passwords from web browsers, desktop messaging clients (Pidgin, Steam, Discord), and FTP clients. The malware can also steal over fifteen cryptocurrency wallets, steal documents, and take screenshots of active applications running on victims' computers, according to the developer.

Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months


Spotify, which has become a very popular online music streaming platform, has suffered a second credential-stuffing attack just three months after the previous one. The platform has reset the passwords of its affected customers.

Threat actors have gained access to more than 100,000 subscribers of music streaming services and are taking advantage of those who use the same password on multiple online service platforms. They simply build automated scripts that systematically steal the IDs and passwords of many online accounts.

Hackers have managed to get access to the customer credentials of various popular companies, including big names like Donuts (which has been attacked twice in three months), The North Face, Dunkin, the popular chicken-dinner chain Nando's, and FC Barcelona's official Twitter account, which was hacked last year.

Back in November 2020, malicious actors hacked the information of thousands of Spotify subscribers, prompting the streaming music service to issue a password-reset notice.

Researcher Bob Diachenko tweeted about the new Spotify attack on Thursday, “I have uncovered a malicious #Spotify logger database, with 100K+ account details (leaked elsewhere online) being misused and compromised as part of a credential stuffing attack.” 

He has also uploaded a Spotify statement on the attack confirming the incident.

“We recently protected some of our users against [a credential-stuffing attack], once we became aware of the situation, we issued password resets to all impacted users, which rendered the public credentials invalid,” the notice read. 

The organization has also stated that the hacks were carried out using an ill-gotten set of data: “We worked to have the fraudulent database taken down by the ISP hosting it,” the company added. 

This attack is very similar to the previous one, in which the login data also appeared in a public Elasticsearch instance.

“There are similarities but this one looks different, like coming from a rival group. I suppose that login pairs came from previously reported breaches or collections of data, so they just re-use them against Spotify accounts to become part of this automated process,” Diachenko tweeted. 

“Originally this data was exposed inside a misconfigured (thus publicly reachable) Elasticsearch cluster – most likely operated by the malicious actors themselves,” he added. “It contained entire logs of their operations, plus email/password pairs they used [for the attack].”

Spotify app: Crashed down for users around the world

Spotify users around the world are having trouble logging in to the app and streaming music.

Initially, users in the UK and Europe reported that the app was crashing, but after some time users around the world reported the same problem.

The first report of the app crashing came at 11am GMT (7am ET).

Spotify tweeted a response to the influx of reports from its customers: 'Something's not quite right, and we're looking into it. Thanks for your reports!'

According to the outage monitoring site DownDetector, users are facing problems because the website is not working properly. Around 63 percent of users reported that they are having trouble playing music.

Users have started making memes about the crashing of the popular music streaming website. 

Spotify to block account of users using ad blockers

The online music streaming platform Spotify is to terminate the accounts of users who use ad blockers. The company has updated its terms of service, and the changes will come into effect from March 1st.

The updated terms of service prohibit “Circumventing or blocking advertisements in the Spotify Service, or creating or distributing tools designed to block advertisements in the Spotify Service,” the user guidelines read. Spotify also notes that breaking that rule or any other guideline “may result in immediate termination or suspension of your Spotify account.”

The company decided to change its terms of service after millions of its users were blocking advertisements by using ad blockers or were downloading modded versions of the app. It has sent a detailed email to notify every user about the new update.

Spotify has two versions: free and premium.

The user has to pay $9.99 per month for the premium service, which gives unlimited access to music without any ads, while in the free version a user can listen on demand to 15 popular playlists that are curated using an algorithm to match the user's taste.