
Snap store from Canonical hit with malicious apps


Canonical are currently dealing with a security incident on the Snap store: users noticed that multiple fake apps had been uploaded, and temporary limits have been put in place.

A post on the Snapcraft Discourse forum noted that three "Fake Crypto Apps" had appeared on the store, with the user mentioning they "steal funds from user accounts". Canonical reacted pretty quickly by removing them, and the packages get replaced with empty ones so that they are updated and removed for anyone who had them installed.

In a statement, Canonical's Igor Ljubuncic said:

On September 28, 2023, the Snap Store team was notified of a potential security incident. A number of snap users reported several recently published and potentially malicious snaps.

As a consequence of these reports, the Snap Store team has immediately taken down these snaps, and they can no longer be searched or installed.

Furthermore, the Snap Store team has placed a temporary manual review requirement on all new snap registrations, effective immediately.

If you try to register a new snap while the requirement is active, you will be prompted to “request reserved name”. Upon a successful manual review from the Snap Store staff, the name will be registered. Uploading and releasing revisions for existing snaps will not be affected.

We apologize for any inconvenience this may cause our snap publishers and developers. However, we believe it is the most prudent action at this moment.

We want to thoroughly investigate this incident without introducing any noise into the system, and more importantly, we want to make sure our users have a safe and trusted experience with the Snap Store.

Please bear with us while we conduct our investigation. We will provide a more detailed update in the coming days.

Article taken from GamingOnLinux.com.
Tags: Security, Misc, Ubuntu
About the author -
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
The comments on this article are closed.
44 comments

BlackBloodRum Oct 3, 2023
Quoting: Termy
Quoting: BlackBloodRum
But then that's easier said than done when we're talking about people who may only be using Linux for the first time.
And that is exactly why i don't think it's a good idea for beginner-friendly arch-derivatives to make AUR easily accessible.
Newbies may also use Arch though, don't forget arch also has the "archinstall" which can automate much of the installation. (or all of it? I'm not sure, I haven't tried it)

Arch isn't difficult to install even without it, since for the most part you can just follow the wiki, which will get you a working installation easily enough.

I myself have pointed some people to Arch who wanted to better understand the inner workings of Linux while they are also relatively new to Linux (or had not used it before). So, it is possible for someone who has an interest in the technical details, to be using Arch as their first distro, so the issue may also directly affect Arch users, not just derivatives. :-).

Although, one would hope such users have better computer common sense, so to speak.

Quoting: Termy
Quoting: BlackBloodRum
The warnings just need to be amplified a bit when it comes to third-party minimally checked stuff (whether that's a flatpak, snap, aur, whatever).
Indeed - although that problem is pretty much the same as with the 'normal' windows madness of downloading and running random .exe files that most people have internalized so well...^^
Windows is less user friendly than Linux, in my opinion. It's a royal pain in the certain end. I hate that pile of brown substance.

Windows has been, and frankly probably always will be a mess when it comes to obtaining applications.


Last edited by BlackBloodRum on 3 October 2023 at 5:31 pm UTC
Termy Oct 4, 2023
Quoting: BlackBloodRum
since for the most part you can just follow the wiki,

You would be surprised for how many people even that poses an enormous obstacle if you take a look in the support channels xD

But yeah, you're bringing up a point that many raise against archinstall - even if manual installation is very easy indeed, it at least makes the new arch-user familiar with using the wiki (in theory).

Quoting: BlackBloodRum
Windows is less user friendly than Linux, in my opinion

Couldn't agree more. My family-support-efforts dropped to near zero after i installed linux for my mother, aunt and so on...
BlackBloodRum Oct 4, 2023
Quoting: Termy
Quoting: BlackBloodRum
since for the most part you can just follow the wiki,

You would be surprised for how many people even that poses an enormous obstacle if you take a look in the support channels xD

But yeah, you're bringing up a point that many raise against archinstall - even if manual installation is very easy indeed, it at least makes the new arch-user familiar with using the wiki (in theory).

That in my opinion, is not so much the operating system at fault, as it is the user at fault, which brings us back to the original point:

People need to exercise caution. Part of that caution is understanding what they are doing.

With enough warnings in place which could be heavily emphasised, any problem beyond that purely sits with the user that ignored them.

Ideally, we want Linux to be open and accepting for all, technical users or not. I'm not suggesting we "dumb it down" though. The geeky bits are the heart of linux! However, a few words here and there for new users shouldn't be too much, particularly where third party application sources are involved.

Quoting: Termy
Quoting: BlackBloodRum
Windows is less user friendly than Linux, in my opinion

Couldn't agree more. My family-support-efforts dropped to near zero after i installed linux for my mother, aunt and so on...
Indeed, Linux just fits everywhere! Ironically my grandma, who is almost 90 now, is a Linux Mint user! She is more of a Linux fanboy than me! My aunt tried to get her to use a new MacOS computer in their home. My grandma? She just complained it's too difficult, confusing etc. Just would not stop complaining about it. Refused to use it. Wanted her Linux back.

Made me proud!

Eventually her old computer was just.. too old. So I upgraded the hardware but to keep things simple I just stuck an offline Linux Mint with the Mate desktop for her games (puzzle mostly, like hidden object etc) and family pictures. She got converted to Linux when I was a wee teen thousands of years ago. So at the time Gnome 2 was dominant, and gnome 3 hadn't destroyed gnome. So, she had used gnome 2 on CentOS 5/6 for many years. I figured it was much easier for a new computer for her to use Mate rather than messing about trying to teach her a new KDE or new Gnome etc. I configured it to look and act exactly the same, so in her mind, it basically is the same.

She uses that happily, I never get a complaint! It's an offline computer that never hits the net (I outright disabled all networking components, and she doesn't have sudo/root privileges. Just in case another family member who visits her tries something stupid, she gets a lot of teenagers at this point.), so I can basically just forget about it and she's happy!

Meanwhile, her new iPhone my aunt got her? She is always complaining about it!

My guess would be, if it was a Windows computer, I would be having lots of complaints by now!

Linux is perfect for peace of mind, and ease of use, and it just fits in anywhere. Even my mum is on SUSE Leap on her laptop, and my stepdad is on Fedora Kinoite! There is a Linux setup for everyone, somewhere.

Anyway, I shouldn't talk too much about Linux *facepalm*, sorry for derailing the thread!
clatterfordslim Oct 4, 2023
I remember when Snap Packages were just being introduced. At that time I was running Peppermint OS 8 and was helping people out on the Peppermint Forums. The amount of hate for Snap Packages, for them not installing properly, excluding a lot of features, that the original Deb package has. We sent people to Canonical to complain there and directed people to install the original Deb package, as it will take up far less resources and work straight away, along with all the features.

Then about a year later Malware was found embedded in a Snap Package. My hate for Snap Packages evolved from the amount of complaints and for the fact they run slow, take up way too many resources. Flatpaks at least actually work, AppImages are even better in my opinion, as everything is together in one single download file. Kdenlive AppImage for example is made by the KDE team, so you can run the latest version. I wish for a world without Snap Packages, that's why I run Linux Mint Xfce edition.
slaapliedje Oct 4, 2023
Quoting: BlackBloodRum
Quoting: slaapliedje
Quoting: BlackBloodRum
It was inevitable. Flatpak will suffer the same too at some point.

They have their conveniences, but they will always come with this risk.
This is the second time it's happened. Flatpak actually labels stuff as unsafe if you're using the UI. I always check to see if it's made by the upstream project or not. For example, Discord flatpak is not from Discord, you should download the .deb/tar.gz from their website.
That's a recent addition.

The problem is, many people may simply ignore such warnings and use it anyway. But just like anything when it comes to technology, just use common sense and caution, you should be fine.
Right. One of the main reasons Linux is not known for malware and viruses is because the software comes from the distribution themselves. This has the benefit of one of the few attack vectors being actually getting into the repository systems to modify files, which has happened to pretty much any distro at one point or another, but it's not the easiest thing to do.

Flatpak / Snap doesn't have such a barrier, granted if you are one to upload something nasty there, it's likely you won't be given access to do the same in the future.

If people are ignoring the 'This package is unsafe!' then that's really on them, no? Ha, I was using the Flatpak for Discord for a while, but then I went to launch it one day and it was like 'yeah, don't do this, we have a deb package.' and then it started downloading that. I had to remove the flatpak one and just use the .deb, which will send me to the website to download the new .deb once there is one... Discord does it weird. Just add an apt repo, ffs, so it'll just update when I 'apt update'.
slaapliedje Oct 4, 2023
Quoting: pleasereadthemanual
It's a joke. I'm an Arch user. I have never actually said that to anyone, and you are the first person to take offense to it in my 2 years of using this site.
OMG, I really should have more coffee before I read stuff... I thought for a minute that your user name was 'Pleasured the Manual'

Arch has the best Wiki of any distribution, pretty much no one even remotely close. Well Red Hat's info is supreme as well, but you have to have an account with them.
Termy Oct 4, 2023
Quoting: BlackBloodRum
Ideally, we want Linux to be open and accepting for all, technical users or not. I'm not suggesting we "dumb it down" though.

Well, it's fine to "dumb it down" - for some users and the distros/DEs/whatever that target those.
And yeah - for those users, there should be as many safeguards and warnings as possible.

But at the same time, that means that the user should choose a distro that fits their needs - if you don't want to learn and read the wiki, Arch probably isn't for you.

As always, problems arise when the user doesn't know what they're doing - and that includes choosing the right distro.


Quoting: BlackBloodRum
Meanwhile, her new iPhone my aunt got her? She is always complaining about it!

Can personally totally understand - i've never understood why Apple's UX is deemed "intuitive". ^^

But my experience is similar - the people that have the least issues when switching to linux are the ones that don't know shit about computers. I guess the fact that they do not try to apply their Windows-Knowledge/Routines to it is a big factor here.
At the same time, advanced computer/Windows-Users tend to have the hardest time if they approach it with the wrong expectations.
slaapliedje Oct 4, 2023
Quoting: clatterfordslim
I remember when Snap Packages were just being introduced. At that time I was running Peppermint OS 8 and was helping people out on the Peppermint Forums. The amount of hate for Snap Packages, for them not installing properly, excluding a lot of features, that the original Deb package has. We sent people to Canonical to complain there and directed people to install the original Deb package, as it will take up far less resources and work straight away, along with all the features.

Then about a year later Malware was found embedded in a Snap Package. My hate for Snap Packages evolved from the amount of complaints and for the fact they run slow, take up way too many resources. Flatpaks at least actually work, AppImages are even better in my opinion, as everything is together in one single download file. Kdenlive AppImage for example is made by the KDE team, so you can run the latest version. I wish for a world without Snap Packages, that's why I run Linux Mint Xfce edition.
The only thing missing with AppImages for me is that they don't all seem to create a proper .desktop file automatically. Other than that, they're okay. I think the other complaint I have about them is that you have to download a new one to upgrade (for most? At least Cura definitely does it that way) and so you end up with a bunch of different versions of it on your drive...
slaapliedje Oct 4, 2023
Quoting: Termy
Quoting: slaapliedje
The huge difference between AUR and snap? You can see exactly what the AUR PKGBUILDs are doing...

They're generally built to snag from the upstream repo that you can verify, it verifies the hash against the tarball release, and you can see in the PKGBUILD if anything is being injected into it after that fact...

Yeah, the issue is the combination of AUR-Helpers (or even integrating AUR into the graphical package manager...looking at you, manjaro...) and Arch-based distros targeting 'beginners'.


I don't want to sound elitist, but the concept of the AUR is fine in the context of Arch and its intended userbase. At least it's more likely that 'real' Arch users actually read and understand the PKGBUILD before installing/updating.
But of course now with more and more people just blindly installing AUR-Packages it's becoming more attractive to malware-scum and it's only a matter of time that we'll get some more malicious packages there i fear...
I like how Garuda does it. They have a curated list of packages that they build binaries out of. Granted I'm not sure exactly how those are picked and built...
But yeah, Arch is, I feel, not a distribution for beginners to use in the first place. Even the archinstall thing should be for intermediate users. Garuda gets close to being a user friendly Arch based Linux, but the customization they do is pretty extreme.
Purple Library Guy Oct 4, 2023
Quoting: slaapliedje
Quoting: pleasereadthemanual
It's a joke. I'm an Arch user. I have never actually said that to anyone, and you are the first person to take offense to it in my 2 years of using this site.
OMG, I really should have more coffee before I read stuff... I thought for a minute that your user name was 'Pleasured the Manual'
Hmmm . . . manually? Well after all, I'm sure manuals need love too.