Spotify ads infect users with malware

I&#x27;m not sure how much I believe this unless I see video proof (or have it happen on my machine).<p>I see how this might be possible as the ads are loaded via javascript, but the javascript running the ads should be owned by Spotify, not the advertising company, that should just be an image file. Somebody please correct me if I&#x27;m wrong.<p>On another note, this statement &quot;Some of them do not even require user action to be able to cause harm.&quot; makes me trust this even less. If the ad is opening a new browser window, that browser window is sandboxed. Sure it can ask the user to take an action, but it can&#x27;t take an action on behalf of the user.<p>Anybody else have insights on this?

&gt;it will launch - and keep on launching - the default internet browser on the computer<p>&gt;it&#x27;s still puzzling something like this can actually happen.<p>I think the interesting thing is that its the default browser. If the ads were in an embedded trident or gecko frame, would something like window.open open the default browser?