With 365 million users worldwide, it seems that almost everybody you know is signed up to Spotify. But those planning to test out the world’s largest music site should be aware that what looks like an ad for the service might in fact be a trap designed to steal all your sensitive information.
Cybersecurity firm ESET has discovered a number of fake Spotify sites that you reach via an authentic-looking Spotify advert imploring you to test the service. You are then taken to a fake Microsoft Store site, and a zip file is automatically downloaded to your computer. This file, should you unzip it, will unleash Ficker, a Trojan that harvests data from your computer and sends it to criminals.
Ficker was delivered by a Russian hacker and was discovered this January. It saves logins, crypto wallets, credit card details, and other such data, zips it up, and sends it to whoever set up the initial Spotify trap.
So be careful: it may sound like a familiar song, but if you are downloading something, make sure the website URL checks out first.