news
Snap Store Neglect
-
SlowMist Identifies ‘Future Attack’ in Linux Store
In a novel attack, cybercriminals exploit trust in the official Snap Store on Linux to steal seed phrases from cryptocurrency wallets. This was reported by SlowMist’s head of information security, known as 23pds.
-
Cryptonews ☛ Hackers Hijack Snap Store Accounts to Push Crypto-Stealing Malware on Linux
Rather than creating fresh accounts on the Snap Store, which is operated by Canonical, attackers are now taking over existing publisher accounts, according to a warning from Ubuntu contributor and former Canonical developer Alan Pope.
The method relies on identifying expired web domains and email addresses linked to long-standing Snap Store developers, registering those domains, and then using the recovered access to hijack Snapcraft accounts.
-
Help Net Security ☛ Linux users targeted by crypto thieves via hijacked apps on Snap Store
Instead of creating new accounts on this Canonical-run package repository, the attackers are taking over expired web domains and associated email servers tied to existing Snap Store publishers, and using that access to hijack their Snapcraft accounts and push malicious updates to previously benign packages.
[...]
He advised users to be especially careful with cryptocurrency wallet snaps and consider obtaining such applications directly from official project sites rather than through any app store.
Pope also created SnapScope, a web app that users can leverage to check whether a snap is vulnerable, suspicious or malicious before they start using them.
Finally, he advised snap publishers to keep their domain registration current and enable two-factor authentication (2FA) for their email and Snapcraft accounts.
Hel Net Security has reached out to Canonical to ask whether they mean to implement additional safeguards around domain ownership and account recovery and additional checks to spot malicious updates to already published snaps. We’ll update this article when we have more information to share.