Harmful Packages Found in the Ubuntu Snap Store

Canonical announced the temporary suspension of the automatic system for checking packages published in the Snap Store after packages containing malicious code for cryptocurrency theft appeared there. It is unclear whether the harmful packages were simply published by third-party authors or whether there are security issues within the repository itself. The incident is classified as a “potential security incident.” [1]

Further details about the incident will be disclosed after the investigation. During this time, the service will operate in manual review mode: all new snap package registrations will be checked manually before publication. This change will not affect the uploading and publication of updates for existing snap packages. [1]

Problems were discovered in packages such as ‘ledgerlive’, ‘Ledger1’, ‘trezor-wallet’, and ‘Electrum-Wallet2’, which attackers published while passing them off as official packages from the developers of these cryptocurrencies. These packages have already been removed from the repository and can no longer be found or installed using the snap utility. Similar incidents involving malware in the Snap Store have been reported in the past, including hidden cryptocurrency mining code in 2018. [2]

References
[1] https://forum.snapcraft.io/t/temporary-suspension-off-snap-registration-following-security-prity/37077
[2] https://forum.snapcraft.io/t/fake-crypto-pps/37070