- Hackers hijack dormant Snapcraft apps to spread cryptocurrency-stealing malware
- Attackers exploit expired domains to reset passwords and update snaps with malicious code
- Malware imitates wallet apps, stealing recovery phrases and draining funds up to $490,000
Snapcraft is being overrun by hackers who are taking over dormant and inactive apps (“snaps”) and using them to steal people’s cryptocurrency, experts said.
“Scammers are waging a relentless campaign to post malware to the Canonical Snap Store. Some is detected by automated filters, but many slip through,” the Anchore cybersecurity researchers said.
Snapcraft is Canonical’s platform and ecosystem for Linux applications. It is closely related to Ubuntu, but it works on many Linux distributions. Snaps, on the other hand, are the apps themselves. A snap is a standalone software package that includes the application and most of its dependencies. Snaps run in isolation (sandboxed), update automatically, and work the same on different Linux systems.
Crypto wallets in the crosshairs
Many snaps are inactive and their domains have expired. Researchers say scammers look for expired domains, buy them, then trigger a password reset on the store. This way, they gain legitimate access to the snaps, which they then update to contain malicious code.
In most cases, they target cryptocurrency wallets. Anchore says “dozens” of these snaps have already been targeted, with attackers stealing between $10,000 and $490,000 in bitcoin and other cryptocurrencies.
“The malware impersonates real applications like Exodus, Ledger Live or Trust Wallet. It asks users to enter the recovery phrase for their wallet, sends these credentials to the criminals, displays an error to the user, and by the time someone realizes what happened, the wallet is empty,” the expert warns.
The identity of the attackers is unknown, but they are believed to be in or around Croatia.
Canonical has worked hard to try to rein in the campaign, but Anchore describes it as a “relentless game of whack-a-mole”: as soon as one snap is taken down, another is taken over.
To ensure your cryptocurrency is safe, use extreme caution when downloading apps from any source, especially cryptocurrency wallets and adjacent software.
Via Cybernews




