Some users of Spotify’s free, ad-supported service got a bit more than they bargained for this week (and not in a good way).

Reports surfaced as early as Tuesday that Spotify’s free tier was serving up malicious content through its advertisements. According to one user’s account, if Spotify was open, it would continuously open the default web browser and load various malware / virus-ridden sites – some of which didn’t even require any user interaction to cause harm.

Worse yet, the issue apparently wasn’t limited to Windows as reports flowed in of similar behavior on both Linux and MacOS installations.

Shortly after the outbreak, Spotify said in response to one of the community posts that they had identified an issue where a small number of users were experiencing a problem with questionable website pop-ups in their default browsers as a result of an isolated issue with an ad on their free tier. The source of the problem was identified and has been shut down, the Spotify rep said.

While it’s not uncommon for malware to sneak into the advertising campaign of a major company, it is a bit embarrassing for Spotify as this isn’t the first time the company has dealt with such an issue. In 2011, Spotify issued a public apology after its Windows desktop app was found to be installing bogus “Windows Recovery” software which, again, was a result of malvertising.

Image courtesy Denys Prykhodov, Shutterstock