It is paradoxical. Streaming platforms have caused, in recent years, the piracy of audiovisual and musical products to decrease. In the latter case, Spotify, which is forecast to reach 665 million users by the end of the year, has played an important role in making music piracy a much smaller problem for the industry, but it is now being used by pirates to promote the distribution of illegal copies of software. The reason? Its playlists rank much better in Google search results than traditional download pages.
If years ago it was easy to find pages with illegal download links, the search engine is now much more restrictive and, in many cases, does not index them. The same does not happen with playlists that come from a platform with authority, in terms of search results, such as Spotify.
For this reason, the music and podcast streaming platform is being exploited to appear in search results promoting the download of pirated software, video game cheats and spam links. Cybercriminals do this by placing keywords that interest them (for example, a crack that allows a program’s protection to be bypassed) and links in the names and descriptions of playlists and podcasts.
An example of this practice, recently reported on X by the cybersecurity expert Karol Paciorek, is a playlist titled ‘Sony Vegas Pro 13 Crack…’ which directed users to a website offering pirated software. These types of websites, as is common among those that distribute or link to illegal software, may contain malware or lead to fraudulent phishing sites.
🚨 Cybercriminals exploit Spotify for #malware distribution. 🎵
Why? Spotify has a strong reputation and its pages are easily indexed by search engines, making it an effective platform to promote malicious links. pic.twitter.com/MGloGZykCp
— Karol Paciorek (@karol_paciorek) November 18, 2024
This tactic of taking advantage of Spotify’s reputation improves the position of these websites in search engines, which increases their visibility to unsuspecting users. All a person who wants to download pirated software has to do is search for one of these playlists and click on the link in the description. Spotify has acknowledged the problem and removed this particular playlist, but it is not an isolated example.
The problem goes beyond playlists. There are also podcasts, created with synthetic voices, that promote spam links, torrent downloads and scam channels on Telegram. These podcasts also direct users to pages filled with ads, surveys, and potentially harmful downloads.
This is possible because, in addition to mobile and desktop applications, Spotify offers a web version of the platform. The playlists and podcasts available in the web player are, like any other web page, crawled and indexed by search engines like Google.
On this issue, Spotify has told BleepingComputer that ‘the Spotify Platform Rules prohibit posting, sharing or providing instructions on the implementation of malware or related malicious practices that seek to damage or obtain unauthorized access to computers, networks, systems or other technologies.’