Check out our Monthly Survey Page to see what our users are running.
We do often include affiliate links to earn us some pennies. See more here.

No this isn't a joke, sadly. Canonical once again have an issue with scam apps appearing on the Snap Store, which is becoming a repeating problem. I wrote about this before in February, and again previously in October 2023 and here we go again.

After the last issue, Canonical seemed to be slowly moving on the subject, with discussions being opened on their Discourse forum to chat about implementing more checks. So they uh, might want to speed up actually checking on app publishers.

Alan Pope has a great blog post about the issue, talking about how another ten scam crypto wallet apps appeared from "digisafe00000". They were all removed, but uh, guess what? They're back again under a different publisher name this time it's "codeshield0x0000".

A weirdly named publisher putting up 10 crypto wallet apps? You know, if there was proper human review here, someone might have actually thought "hey this is a bit odd, maybe I should do a little digging first?".

Since they're on the Snap Store, they will also show up in the Ubuntu Software app, which is quite a problem.

Pope dives into one of the apps in the blog post, noting the create an account function (obviously) doesn't work, since they just want you to "log in" with your current wallet details so they can poach it. As Pope says "It’s trivially easy to publish scammy applications like this in the Canonical Snap Store, and for them to go unnoticed." and it seems it really is. So right now if you want to scam users on Ubuntu — just publish a Snap of something!

Really not a good look for Canonical and Ubuntu. They need to get moving on this repeating problem.

Article taken from GamingOnLinux.com.
30 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
19 comments
Page: 1/2»
  Go to:

kerossin Mar 19
Ok, so what's the point of the Snap Store?

I thought the whole point of having a closed and official Canonical-controlled store was trust - you will be getting only legit apps approved by Canonical and not some wild west of community sources.

But since Canonical does no checks it's pointless.

Random user: Hey, this is PayPalV2.
Canonical: Welcome aboard! Don't reply, this was an automated message
Brokatt Mar 19
View PC info
  • Supporter
Popeye Popey is such a great guy. Even though he's left Canonical behind, he's still involved with Ubuntu and Snaps.


Last edited by Brokatt on 19 March 2024 at 3:42 pm UTC
Boldos Mar 19
View PC info
  • Supporter
Quoting: kerossinOk, so what's the point of the Snap Store?

I thought the whole point of having a closed and official Canonical-controlled store was trust - you will be getting only legit apps approved by Canonical and not some wild west of community sources.

But since Canonical does no checks it's pointless.

Random user: Hey, this is PayPalV2.
Canonical: Welcome aboard! Don't reply, this was an automated message
Well, the original point of having a Snap store was to have containerized desktop apps on Linux desktop.

Anyway, is this happening on Flathub too, or snap is just more discussed with this issue?
g000h Mar 19
Yes, it is pretty serious to consider that the whole software landscape is in danger of threats like this. I imagine this attack vector is partly a result of Linux's growing desktop market share, where there are more inexperienced users nowadays, who are easier to trick with malware exploits.

Into the future running an active firewall application (such as Safing Portmaster) might be an essential protective measure.

Check out Jack Rhysider's podcast talking to a real crypto scammer (and the various tricks that were implemented):
https://odysee.com/@jackrhysider:4/the-cops-had-no-idea-he-just-stole-1:a
robvv Mar 19
Blimey. I think I'll just stick with my distro's repositories which are at least curated!
How is it that despite Flathub hosting over 2,500 packages and being responsible for over 1.7 billion downloads over the past 6 years, I have not seen a single reported case of malware, but the Snap Store has had three incidents in the past 5 months?

What are they doing differently? Does Flathub detect malware early, and if so, where can I find statistics about this? Is the Snap Store that much more popular? Maybe so; they had over 2,000 snaps in 2019.

Snap deemed these apps "Safe" because they did not have any permissions, but that was provably false. Flathub also categorizes apps with no permissions and auditable code as "Safe": https://flathub.org/apps/io.github.kovzol.bibref

It should say "Probably Safe" at best. It's misleading. "Auditable source code" does not mean the source code has been audited. If it has been audited, it should say, "Audited source code".

Edit: I realized Flathub's statistics say 1.7 billion, not million.


Last edited by pleasereadthemanual on 20 March 2024 at 3:18 am UTC
LINUX-SAUNA Mar 19
Would be good to sort these issues out before next month's Ubuntu 24.04 LTS
eldaking Mar 19
I have a bunch of loose thoughts about this.

1) They really should be manually reviewing at least new dev accounts. Checking not only every new app but every update to new app (easy enough to put something harmless and then push the malicious part as an update) is a lot of work, but if any rando can create an account and start publishing apps? That is bad
2) So much work put into containerization/sandboxing, and you just let anyone distribute apps that ask for people's logins. I mean, it is good that apps can't go steal your browser cookies or replace your bootloader, don't get me wrong. But looks like there was some easier, low-tech work (having people check apps for obvious red flags) that needed to be done anyway, and it was not.
3) They should ban absolutely all cryptocurrency apps regardless. First they are exceptionally high-risk, but also fuck ponzicoins.
4) The snap store is a (partial) move from a repository that Canonical actually maintains themselves (maybe badly, but they put the software there and could make all choices) to a store where they are just a middleman, and that lets devs keep control. It is obvious that for them it is less work and more profitable, and that it is attractive for proprietary apps... but this showcases exactly the kind of problem of this approach: you are getting blackbox software from a bunch of randos, not free software from a trusted distro.
Quoting: eldaking1) They really should be manually reviewing at least new dev accounts. Checking not only every new app but every update to new app (easy enough to put something harmless and then push the malicious part as an update) is a lot of work, but if any rando can create an account and start publishing apps? That is bad
2) So much work put into containerization/sandboxing, and you just let anyone distribute apps that ask for people's logins. I mean, it is good that apps can't go steal your browser cookies or replace your bootloader, don't get me wrong. But looks like there was some easier, low-tech work (having people check apps for obvious red flags) that needed to be done anyway, and it was not.
Completely agree. This is not something you're going to pick up easily except via manual review.

Quoting: eldaking3) They should ban absolutely all cryptocurrency apps regardless. First they are exceptionally high-risk, but also fuck ponzicoins.
Mark Shuttleworth already voted not to do that: https://www.gamingonlinux.com/2024/02/snap-store-from-canonical-ubuntu-hit-with-another-crypto-scam-app/

Also, Alan Pope's article mentions that someone lost 490k to one of these crypto scam apps.

Quoting: eldaking4) The snap store is a (partial) move from a repository that Canonical actually maintains themselves (maybe badly, but they put the software there and could make all choices) to a store where they are just a middleman, and that lets devs keep control. It is obvious that for them it is less work and more profitable, and that it is attractive for proprietary apps... but this showcases exactly the kind of problem of this approach: you are getting blackbox software from a bunch of randos, not free software from a trusted distro.
This is probably an unpopular opinion, but I want proprietary software on Linux. If the Snap Store is the only way I can download Adobe After Effects, I'm completely willing to do that. The Snap Store and Flathub makes it easier for Adobe to target Linux should they ever change their mind about whether to support it in the next 15 years.

iOS doesn't have this problem on nearly the same scale despite how much more popular their app store is than the Snap Store. Yes, malicious apps have found their way onto the App Store over the past 15+ years, but only a small number of them and not regularly. Almost every app on iOS is proprietary. Yes, they have a lot more manpower to review the apps, but it shows it's possible to safely vet proprietary software.

Preventing this malware from getting on the Snap Store doesn't require analyzing the code. It requires a reviewer to realize this company is impersonating popular finance-related software they did not develop. What's that saying? "When you're wearing rose-tinted glasses, all the red flags just look like flags."


Last edited by pleasereadthemanual on 19 March 2024 at 1:22 pm UTC
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register


Or login with...
Sign in with Steam Sign in with Google
Social logins require cookies to stay logged in.