Malware found in Ubuntu Snap Store

Oh hurry up! Just because some software packages can be installed directly from the Ubuntu Software Center does not guarantee their safety. The recent discovery of malware in certain snapshot packages in the Ubuntu Snaps Store proves this. User Nicolas uploaded at least two snapshot packages 2048buntu and Hextris to the Ubuntu Snaps Store, which contained malware. Since then, all packages of Nicolas have been Removed From the Ubuntu Snaps Store,Pending further investigation“.This report comes from insect It mentioned that the 2048buntu snap package (and other packages of Nicolas) contains a hidden cryptocurrency miner.
of inside The script bundled with the snap package uses [email protected] Email address. I think that is a way to get Ferrari.2048buntu Ubuntu snapshot storage

An interesting aspect is that Nicholas used a proprietary license in at least some snapshots. For example, the 2048buntu snapshot was submitted as proprietary (the game itself was not developed by Nicolas). Problematic game 2048, Using the MIT license, as long as the copyright notice is retained, the license allows it to be distributed as a proprietary without providing the source code.
Side note: 2048buntu has been removed from the Ubuntu Snap store, but you can view its page in the following way Google Cache. But we can’t see the contents of the package anymore (unless it is somewhere on GitHub but I can’t find it), how is this possible? Well, the Ubuntu Snap Store allows anyone to upload snap packages, as opposed to packages (debs) available in the official Ubuntu repositories. The reason for this is to provide users with easier-to-install software packages. What is your opinion on this? Do you think that by allowing anyone to upload packages to the Ubuntu store, more and more malware will be spread to users, or is this an isolated incident? Canonical React vs. Ubuntu Snap Store cryptocurrency mining malware. News passed Reddit (U/Kron4ek).

Source

Sidebar