Australian technology news, reviews, and guides to help you
Australian technology news, reviews, and guides to help you
Computer user

Malware lurking behind “free downloads” of music’s big names

Most people are jumping on the streaming music bandwagon, but if you still try to download music by trying to score it free, cyber criminals are looking to make an impact on your life.

Some of the year’s biggest musicians are having their music altered in a way that you might only see if you try to find it illegally, with online music files acquired through less than legal ways being used to spread malware.

While the process doesn’t affect all online music, with services such as streaming solutions from Apple Music, Spotify, Tidal, Amazon Music, Google Play, Deezer, and YouTube Music not affected by these malware incursions, if you are trying to find music files or music videos online to download for free, there’s a good chance a cyber criminal has planted something.

A search query can still turn up any number of music file websites, but if you’re taking this approach, you may well want to be aware that criminals are using names such as Ariana Grande, Billie Eilish, Taylor Swift, and Post Malone to hide malware.

In fact, a recent analysis by Kaspersky found 30,982 malicious files named with Grammy 2020 nominated artists, with over 40,000 Kaspersky users seeing the files.

Downloading files with malware behind them isn’t an issue for all music downloads, but it does come into play if you’re not careful what you download. For instance, music files typically use the file extension of “MP3”, “AAC”, or “FLAC”, while video downloads will use file extensions of “AVI”, MKV”, and “MP4”, among others. However malware tends to hind itself in executables or links, because it needs a way to run first, so files with malware will invariably find their way into “EXE”, “BAT”, or “LNK” files to run a program.

The easiest and most ethical solution is to not use the web to find music to download without payment, as music stores and music streaming services are not affected by the malware. Services like iTunes, Soundcloud, HDTracks, and Bandcamp are legit music services where you can listen or pay for music, as are many others, while the many streaming service selections of Spotify, Apple Music, Tidal, YouTube, and Google also provide music without risk of malware.

However when you go searching for free music that would normally cost money, the risk of being infected by malware comes part and parcel with said search.

“Cybercriminals understand what is popular and always strive to capitalise on that,” said Noushin Shabab, Senior Security Researcher at Kaspersky.

“If you want to listen or download famous artists’ songs, use reputable services like Apple Music, Spotify Premium, and Amazon Music,” she said.

“Alternatively try to find a reputable free music site that allows you to download songs legally. This is because, music acquired through the proper streaming services isn’t going to see malicious intent.”

Read next