Every article tag can be clicked to get a list of all articles in that category. Every article tag also has an RSS feed! You can customize an RSS feed too!
We do often include affiliate links to earn us some pennies. See more here.

Snap store from Canonical hit with malicious apps

By -

Canonical are currently dealing with a security incident with the Snap store, after users noticed multiple fake apps were uploaded so temporary limits have been put in place.

A post on the Snapcraft Discourse forum noted three "Fake Crypto Apps" had appeared on the store, with the user mentioning they "steal funds from user accounts". Canonical reacted pretty quickly removing them, and the packages get replaced with empty ones so that they get updated and removed for anyone who had them installed

Writing a statement Canonical's Igor Ljubuncic said:

On September 28, 2023, the Snap Store team was notified of a potential security incident. A number of snap users reported several recently published and potentially malicious snaps.

As a consequence of these reports, the Snap Store team has immediately taken down these snaps, and they can no longer be searched or installed.

Furthermore, the Snap Store team has placed a temporary manual review requirement on all new snap registrations, effectively immediately.

If you try to register a new snap while the requirement is active, you will be prompted to “request reserved name”. Upon a successful manual review from the Snap Store staff, the name will be registered. Uploading and releasing revisions for existing snaps will not be affected.

We apologize for any inconvenience this may cause our snap publishers and developers. However, we believe it is the most prudent action at this moment.

We want to thoroughly investigate this incident without introducing any noise into the system, and more importantly, we want to make sure our users have a safe and trusted experience with the Snap Store.

Please bear with us while we conduct our investigation. We will provide a more detailed update in the coming days.

Article taken from GamingOnLinux.com.
Tags: Security, Misc, Ubuntu
12 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
The comments on this article are closed.
44 comments
Page: 1/5»
  Go to:

dziadulewicz Oct 2, 2023
Just like any other store out there. Google Play, Apple App Store etc. Nothing new and surprising here. You maintain a store, this is inevitable as all cannot be curated 100% ...
Wait, did Canonical not review Snap packages at all before this?
dziadulewicz Oct 2, 2023
Quoting: pleasereadthemanualWait, did Canonical not review Snap packages at all before this?

Where did it say that?
ZeroPointEnergy Oct 2, 2023
It's almost like the maintainers who curate a distribution repository have an important role preventing such a thing...

Repositories where anyone can release packages to the end-users may be convenient for developers who want more control over what the user gets, but it has a host of negative consequences for the user. It always ends in malware and anti-features getting distributed eventually.
officernice Oct 2, 2023
The only kind of Snap I'd endorse: https://www.youtube.com/watch?v=nm6DO_7px1I
devland Oct 2, 2023
Uncurated packages? Like ARCH's AUR that everybody warns you against using?

Oh, it has the canonical logo slapped on it. That's much better. /$
Quoting: dziadulewicz
Quoting: pleasereadthemanualWait, did Canonical not review Snap packages at all before this?

Where did it say that?
Quoting: CanonicalFurthermore, the Snap Store team has placed a temporary manual review requirement on all new snap registrations, effectively immediately.
Pikolo Oct 2, 2023
They probably should have two tiers:
1. curated
2. uncurated

A few ideas to flesh out the concept
- only curated snaps can be in classic mode,
- only curated snaps have been reviewed at least once.
- There could be a setting for "view uncurated snaps", which is off by default
- Canonical commit to review the top 5 non-curated apps by install base every month, promoting them to curated if they pass or removing them completely and publishing a security advisory otherwise.
- Apps in the curated store should be re-reviewed randomly and on user reports, to catch apps going to the dark side.

This is because if I'm installing a potentially shady app, it's better if it's sandboxed.
BlackBloodRum Oct 2, 2023
View PC info
  • Supporter Plus
It was inevitable. Flatpak will suffer the same too at some point.

They have their conveniences, but they will always come with this risk.
dziadulewicz Oct 2, 2023
Quoting: pleasereadthemanual
Quoting: dziadulewicz
Quoting: pleasereadthemanualWait, did Canonical not review Snap packages at all before this?

Where did it say that?
Quoting: CanonicalFurthermore, the Snap Store team has placed a temporary manual review requirement on all new snap registrations, effectively immediately.

So, what you was suggesting, wasn't said anywhere ..
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.