Apple Podcasts Keeps Opening Random Religious Shows. Someone’s Testing an Attack

Your phone lights up. Apple Podcasts launches by itself. A sermon about free will starts playing. You didn’t click anything.

This isn’t a bug. Someone’s probing Apple’s podcast system for vulnerabilities. And they’ve been doing it for months.

The Spam Flood Nobody’s Talking About

Strange podcasts keep appearing in Apple’s app without warning. Most feature religious content or spirituality themes. Some have titles that are barely readable strings of code. Others sit completely silent.

Here’s what makes this creepy. The app opens itself. No user action required. One moment you’re working. The next, your Mac or iPhone displays a random podcast from 2019 about free will.

The podcast titles look like broken code:

• “5../XEWE2′””””onclic…”
• “free will, free willhttp://www[.]sermonaudio[.]com/rss_search.asp?keyword=free%will on SermonAudio”
• “Leonel Pimentahttps://play[.]google[.]com/store/apps/detai…”

Plus, some include Arabic text with Gmail addresses. Most haven’t been updated in years. Yet they’re suddenly showing up on devices now.

One Podcast Contains Actual Malware

That first podcast with the garbled title? It’s attempting cross-site scripting.

The “Show Website” link redirects to a suspicious Ukrainian domain. Visit it and you get a pop-up confirming an XSS attempt. That’s hacker jargon for injecting malicious code into what looks like a legitimate page.

Cross-site scripting isn’t cutting-edge. It’s actually pretty old-school as attacks go. Remember the MySpace worm from 2005? Same basic technique. But it still works when systems aren’t properly protected.

Someone even left a one-star review weeks ago. “Scam. How does Apple allow this attempted XSS attack?” Good question.

Security Expert Confirms the Risk

Patrick Wardle studies macOS security for a living. He runs Objective-See, which focuses specifically on Mac threats. And he managed to replicate similar behavior.

“Simply visiting a website is enough to trigger Podcasts to open and load a podcast of the attacker’s choosing,” Wardle explained. “Unlike other external app launches on macOS, no prompt or user approval is required.”

That’s the concerning part. Most apps on Mac ask permission before opening from an external source. Zoom does this. Safari does this. But Podcasts just launches silently.

Wardle stressed this isn’t a full-blown attack yet. But it creates the perfect delivery mechanism if vulnerabilities exist in the Podcasts app. Someone’s clearly testing whether they can exploit it.

Apple Stays Silent

Five emails sent over several months. Zero responses from Apple.

The company did reply to other unrelated requests during that time. So they’re reading their inbox. They just chose not to address this specific issue.

Meanwhile, these weird podcasts keep appearing. The XSS attempt remains live. And users keep getting random religious content pushed to their devices without consent.

This Feels Familiar

Remember Google Calendar spam? A few years back, scammers figured out they could add events to your calendar without permission. Suddenly everyone’s schedule filled with cryptocurrency scams and weight loss ads.

This has the same energy. Someone discovered a way to abuse Apple’s podcast system. They’re testing different approaches. Seeing what sticks. Checking if actual attacks work.

The religious content might be a smokescreen. Or maybe it’s just cheap throwaway accounts from old podcast farms. Either way, the XSS attempt proves someone’s trying to do more than just annoy people.

What Actually Matters Here

Nobody’s losing money yet. No massive breach occurred. Your data probably isn’t compromised.

But this demonstrates how attackers probe systems. They find obscure features most people ignore. They test different methods quietly. They see what security measures exist and where gaps remain.

Apple Podcasts isn’t exactly high-priority for most security teams. It’s not Safari or iMessage or iCloud. So maybe it gets less attention. Less scrutiny. Fewer updates.

That makes it interesting to attackers. Low-hanging fruit. A way in through a side door nobody’s watching.

For now, just be aware. If your Podcasts app starts acting weird, it’s not just you. And maybe think twice before clicking links in podcast descriptions you didn’t search for yourself.