Confused on Steam Play and Proton? Be sure to check out our guide.
We do often include affiliate links to earn us some pennies. See more here.

Snap store from Canonical hit with malicious apps

By -

Canonical are currently dealing with a security incident with the Snap store, after users noticed multiple fake apps were uploaded so temporary limits have been put in place.

A post on the Snapcraft Discourse forum noted three "Fake Crypto Apps" had appeared on the store, with the user mentioning they "steal funds from user accounts". Canonical reacted pretty quickly removing them, and the packages get replaced with empty ones so that they get updated and removed for anyone who had them installed

Writing a statement Canonical's Igor Ljubuncic said:

On September 28, 2023, the Snap Store team was notified of a potential security incident. A number of snap users reported several recently published and potentially malicious snaps.

As a consequence of these reports, the Snap Store team has immediately taken down these snaps, and they can no longer be searched or installed.

Furthermore, the Snap Store team has placed a temporary manual review requirement on all new snap registrations, effectively immediately.

If you try to register a new snap while the requirement is active, you will be prompted to “request reserved name”. Upon a successful manual review from the Snap Store staff, the name will be registered. Uploading and releasing revisions for existing snaps will not be affected.

We apologize for any inconvenience this may cause our snap publishers and developers. However, we believe it is the most prudent action at this moment.

We want to thoroughly investigate this incident without introducing any noise into the system, and more importantly, we want to make sure our users have a safe and trusted experience with the Snap Store.

Please bear with us while we conduct our investigation. We will provide a more detailed update in the coming days.

Article taken from GamingOnLinux.com.
Tags: Security, Misc, Ubuntu
12 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. You can also follow my personal adventures on Bluesky.
See more from me
The comments on this article are closed.
All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.
44 comments
Page: «3/3
  Go to:

Termy Oct 4, 2023
But yeah, Arch is, I feel, not a distributions for beginners to use in the first place.

It totally is imho - but the more beginner you are, the more you have to be willing to learn and read the wiki. But if you ARE willing, Arch is a perfectly fine beginner distro. Especially with the amazing community - the "elitism" that is often criticized comes down to "we won't help you if you are unwilling to put in even the slightest effort" in my experience.
Purple Library Guy Oct 4, 2023
But yeah, Arch is, I feel, not a distributions for beginners to use in the first place.

It totally is imho - but the more beginner you are, the more you have to be willing to learn and read the wiki. But if you ARE willing, Arch is a perfectly fine beginner distro. Especially with the amazing community - the "elitism" that is often criticized comes down to "we won't help you if you are unwilling to put in even the slightest effort" in my experience.
. . . Which I'm not, so I'll stick to Mint.
clatterfordslim Oct 5, 2023
Quoting: slaapliedje
The only thing missing with AppImages for me is that they don't all seem to create a proper .desktop file automatically.

I create my own, only use two AppImages. Kdenlive and Audacity. Every time an upgrade is downloaded, just change the version number in the .desktop file and of course delete the old .AppImages. I'm old school and believe in DIM (Do It Myself.) That is one of the things that Windows users, when coming over to Linux don't realise, they have to do some technical stuff themselves, to get some things done. It isn't all handed to you on a plate and it is that aspect of Linux I like. Linux teaches you at the same time as using it.
slaapliedje Nov 1, 2023
The problem with AUR is, for a new user at least; is it provides a false sense of security. Unlike the regular distribution packages there is a much lower level of validation, so it is possible for AUR to have dangerous packages. Even experienced users may only check a few PKGBUILDs, found they're safe, continue to use it however neglecting to check further.

You know what I've noticed lately? It used to require 'yay -Syua' to include the AUR built stuff, but now even the -Syu grabs things that are using the AUR PKGBUILDs. Kind of annoys me and makes it a little more effort to check things.

Granted with the chaotic-aur that Garuda uses where they pre-build a lot of AUR packages (hopefully they are actually verified), I find myself using only maybe two from AUR (FoundryVTT is one, trying to remember what the other is, but I think it's a closed source tarball you have to download and the PKGBUILD just creates .Desktop files and puts icons in the right place).
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.