Linux users targeted as crypto-stealing malware hits Snap packages - here's how to stay safe
  • Hackers hijack dormant Snapcraft apps to spread cryptocurrency-stealing malware
  • Attackers exploit expired domains to reset passwords and update snaps with malicious code
  • Malware mimics wallet apps, stealing recovery phrases and draining funds up to $490,000

Snapcraft is being invaded by hackers who are taking over dormant and inactive apps (‘snaps’) and using them to steal people’s cryptocurrency, experts have said.

“There’s a relentless campaign by scammers to publish malware in the Canonical Snap Store. Some get caught by automated filters, but plenty slip through,” cybersecurity researchers at Anchore said.

Snapcraft is Canonical’s platform and ecosystem for Linux applications. It’s closely tied to Ubuntu, but it works across many Linux distros. Snaps, on the other hand, are the apps themselves. A snap is a self-contained software package that includes the application plus most of its dependencies. These snaps run in isolation (sandboxed), update automatically, and work the same way across different Linux systems.

Crypto wallets in the crosshairs

Many snaps are dormant, and the domains tied to their publishers' accounts have expired. Researchers say the crooks hunt for these expired domains, buy them, and then trigger a password reset on the store. That gives them legitimate access to the snaps, which they then update to contain malicious code.

In most instances, they are targeting cryptocurrency wallets. Anchore says “dozens” of such snaps were already targeted, with individual thefts ranging from $10,000 up to $490,000 in bitcoin and other cryptocurrencies.

“The malware masquerades as genuine apps like Exodus, Ledger Live, or Trust Wallet. It asks users to enter their wallet recovery phrase, sends those credentials to the criminals, displays an error to the user, and by the time anyone realizes what’s happened, the wallet is empty,” the expert warns.

The identity of the attackers is unknown, but apparently, they are located in, or around, Croatia.

Canonical has been hard at work trying to curb the campaign, but Anchore describes it as a “relentless game of whack-a-mole” - as soon as one snap is removed, another one is taken over.

To keep your crypto safe, be extremely careful when installing apps from any source, especially cryptocurrency wallets and adjacent software, and check who published them and when they were last updated.
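One quick audit a Linux user can run against the takeover pattern described above is to list installed snaps and flag wallet-like names whose publisher lacks the store's verified mark. The script below is an added example, not code from the article or from Anchore or Canonical; it parses the column layout of `snap list` (Name, Version, Rev, Tracking, Publisher, Notes, with a trailing ✓ on verified publishers), uses constructed sample output rather than real data, and the wallet keyword list is an assumption.

```shell
#!/bin/sh
# Constructed sample of `snap list` output (not real data): two verified
# publishers, one unverified wallet-like snap, one unverified coin tracker.
SAMPLE_SNAP_LIST='Name           Version   Rev   Tracking       Publisher    Notes
core22         20240111  1122  latest/stable  canonical✓   base
ledger-wallet  1.0.3     7     latest/stable  someuser     -
hello-world    6.4       29    latest/stable  canonical✓   -
coin-tracker   0.9       3     latest/stable  other-dev    -'

# Read `snap list` output on stdin and print the names of snaps whose
# publisher column (field 5) does not end with the verified mark.
unverified_snaps() {
    awk 'NR > 1 && $5 !~ /✓$/ { print $1 }'
}

# Narrow the unverified list to names that look wallet-related.
# The keyword list is an assumption; extend it for the wallets you use.
wallet_like_unverified() {
    unverified_snaps | grep -Ei 'wallet|ledger|exodus|trust|coin|crypto' || true
}

# Stand-alone demo on the constructed sample; on a live system run:
#   snap list | wallet_like_unverified
printf '%s\n' "$SAMPLE_SNAP_LIST" | wallet_like_unverified
```

Treat a hit as a prompt to inspect, not proof of compromise, and note the limit of this check: a snap taken over through the publisher's own reset password is still published under that publisher's name, so also look at the revision date and changelog of any wallet snap that updated recently.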

Via Cybernews


Source: TechRadar