Suggestion when it comes to Snap store submissions

I don’t know if there’s already a topic on this but… Someone uploaded another malware snap to the Snap Store: https://popey.com/blog/2024/02/exodus-bitcoin-wallet-490k-swindle/
Props to the Snap Store team for removing the offending program fast, but these incidents tarnish the Snap Store’s reputation as well as Ubuntu’s. It’s obvious why the Snap Store keeps getting targeted. It’s a huge attack vector, like the Play Store is. Even so, I know it’s hard to detect malware, but I believe that the process of accepting snaps to the store should be much more rigorous. Allowing anyone to upload any program is going to lead to a disaster. It would be good to check whether or not the entity uploading the snap is either the company/team behind the application or a representative that has been entrusted by the company/team behind the app with maintaining the snap version of it. Or, for open source apps not published by the official team, make sure the people publishing it are trustworthy (for example the Snapcrafters team do a great job). This won’t make malware disappear, but it would at least filter out malware masquerading as other legitimate apps.

1 Like

If you want this to be seen by the snap store crew, better post on https://forum.snapcraft.io

There are already a few discussions in the store category around this topic… i.e.:

5 Likes

Closed: Offtopic, relates to the snapcraft.io website and not the snap-store app itself, which is what this category is about (two separate projects).