Canonical Temporarily Suspends Automatic Package Checks Due to Security Incident
Canonical, the company behind the popular Ubuntu operating system, has temporarily disabled the automatic system for checking published packages at the Snap Store. This decision comes after the discovery of suspicious packets containing malicious code designed to steal cryptocurrency from users. It is currently unclear whether these malicious packages were published by third-party developers or if there is a security issue with the repository itself. In an official statement, Canonical referred to the situation as a “potential safety incident”.
Canonical has assured users that more information about the incident will be provided once the investigation is completed. In the meantime, the service has switched to a manual review mode. This means that all new registrations of Snap packages will undergo manual checks before being published. Existing Snap packages will still be able to receive updates without any delays or interruptions.
The discovery of the malicious packages led to the identification of issues in several packages: Ledgerlive, Ledger1, Trezor-wallet, and Electrum-wallet2. Attackers falsely published these packages under the guise of official packages from the developers of these cryptocurrencies. However, they had no association with the legitimate developers. Canonical has already removed these problematic Snap packages from the repository, ensuring that they are no longer accessible for search or installation through the Snap utility.