Snap and Ubuntu Can be Tricked (But Media Hypes This Up)
-
Hacker News ☛ Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages
Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running the Ubuntu operating system.
"While 'command-not-found' serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the snap repository, leading to deceptive recommendations of malicious packages," cloud security firm Aqua said in a report shared with The Hacker News.
-
OMG Ubuntu ☛ Ubuntu ‘Command Not Found’ Open to Exploit, Warn Experts
Researchers at Aqua Security say they’ve identified a security flaw in the way Ubuntu’s “command not found” feature works, which attackers could exploit to trick users into installing malicious snaps. In a blog post detailing the findings, researcher Ilay Goldman concludes that “the risk of attackers exploiting the ‘command-not-found’ utility to recommend their own malicious snap packages is a pressing concern”.
-
LinuxSecurity ☛ Ubuntu Tool Could Trick Users Into Installing Rogue Packages
A potential security vulnerability exists in the command-not-found tool in Ubuntu, which threat actors could exploit to recommend and install malicious packages on systems running Ubuntu operating systems. The command-not-found tool is installed by default on Ubuntu systems and suggests packages to install when users attempt to run commands that are not available.
-
Security Affairs ☛ Abusing the Ubuntu ‘command-not-found’ utility to install malicious packages
Researchers reported that attackers can exploit the ‘command-not-found’ utility to trick users into installing rogue packages on Ubuntu systems.
-
Bleeping Computer ☛ Ubuntu 'command-not-found' tool can be abused to spread malware
A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users.
The problem arises from the utility's ability to suggest snap packages for installation when they are missing without a validation mechanism to ensure that packages are authentic and safe.
The loophole was discovered by Aqua Nautilus researchers who have found that approximately 26% of Advanced Package Tool (APT) package commands are at risk of impersonation by malicious snap packages, presenting a significant supply chain risk for Linux and Windows Subsystem for Linux (WSL) users.
Update
Some late coverage:
-
This commonly-used Ubuntu tool can be hijacked to spread malware | TechRadar
Hackers can abuse Ubuntu’s “command-not-found” package suggestion system to deliver malware to users, researchers are saying. The attack surface is relatively large, and there are multiple ways threat actors can abuse the feature.
This is according to a new report from cybersecurity researchers Aqua Nautilus, which notes how when an Ubuntu user wants to run a specific program that’s currently not installed on the endpoint, they can bring up the "command-not-found" utility and have it suggest packages to install.