25.01.2026., 23:12
|
#5161
|
|
White Rabbit
Datum registracije: May 2006
Lokacija: -
Postovi: 5,572
|
Citiraj:
An anonymous reader shared this article from the blog Linuxiac
Citiraj:
|
In a blog post, Alan Pope, a longtime Ubuntu community figure and former Canonical employee who remains an active Snap publisher... [warns of] a persistent campaign of malicious snaps impersonating cryptocurrency wallet applications. These fake apps typically mimic well-known projects such as Exodus, Ledger Live, or Trust Wallet, prompting users to enter wallet recovery phrases, which are then transmitted to attackers, resulting in drained funds.
|
The perpetrators had originally used similar-looking characters from other alphabets to mimic other app listings, then began uploading "revisions" to other innocuous-seeming (approved) apps that would transform their original listing into that of a fake crypto wallet app.
But now they're re-registering expired domains to take over existing Snap Store accounts, which Pope calls "a significant escalation..."
Citiraj:
I worked for Canonical between 2011 and 2021 as an Engineering Manager, Community Manager, and Developer Advocate. I was a strong advocate for snap packages and the Snap Store. While I left the company nearly five years ago, I still maintain nearly 50 packages in the Snap Store, with thousands of users... Personally, I want the Snap Store to be successful, and for users to be confident that the packages they install are trustworthy and safe.
Currently, that confidence isn't warranted, which is a problem for desktop Linux users who install snap packages. I report every bad snap I encounter, and I know other security professionals do the same — even though doing so results in no action for days sometimes... To be clear: none of this should be seen as an attack on the Snap Store, Canonical, or the engineers working on these problems. I'm raising awareness of an issue that exists, because I want it fixed... But pretending there isn't a problem helps nobody.
|
|
|
|
|