Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Ubuntu Bug Operating Systems Software Technology

Malware Found In the Ubuntu Snap Store (linuxuprising.com) 90

An anonymous reader quotes a report from Linux Uprising: Oh, snap! Just because some packages are available to install directly from the Ubuntu Software Center doesn't make them safe. This is proved by a recent discovery of malware in some snap packages from the Ubuntu Snaps Store.

At least two of the snap packages, 2048buntu and hextris, uploaded to the Ubuntu Snaps Store by user Nicolas Tomb, contained malware. All packages by Nicolas have since been removed from the Ubuntu Snaps Store, "pending further investigations." The report comes from a bug which mentions that the 2048buntu snap package (and other packages by Nicolas Tomb) contains a hidden cryptocurrency miner inside.

This discussion has been archived. No new comments can be posted.

Malware Found In the Ubuntu Snap Store

Comments Filter:
  • by Anonymous Coward on Sunday May 13, 2018 @05:32AM (#56603092)

    This is why Linux needs the equivalent of the Zone Alarm firewall. Something that will alert a desktop user every time a program first attempts to connect to the internet and allow the user to say yes or no to the attempt. If your firewall allows all outbound traffic by default you do no have a hope in hell of catching a malware infection...

    If you've got such software then at least you know something nasty has managed to infect your machine as you'll spot it the first time it tries to "phone home"..

    • You mean like ufw?

      • Re: (Score:2, Informative)

        by Anonymous Coward

        I've never cared much for ufw. It's basically just a GUI for setting rules for iptables. When I'm working with iptables, I'd rather set them manually through a shell.

        I believe GP just meant something that would give a notification when a program tried to communicate out that's not on the "approved" list.

        I'd much prefer something along the lines of atguard, before Symantec raped it. The feature I liked from atguard was the "Rule Assistant" that would give a popup when something didn't match one of the rules.

    • Give that asshole Poettering five minutes and he'll shit out some systemd code.

    • It's called firestarter. Been around for ages.
  • As a linux fanatic, I find his deed reprehensible. Where do we begin? Let's see:

    1. Install Ubuntu. Then--

    Enough! 20 years in the electric chair!

  • I do own multiple password authentication methods... not even talking about my android phone! I like chrome but how many times a year do I have to physically type my password?

  • by Anonymous Coward on Sunday May 13, 2018 @06:56AM (#56603212)

    With all dependencies built in, there is a lot to comb through, not to mention that those dependencies may not even be completely patched and up to date.

    I'd rather install software the traditional way and be sure that each component I install is verified.

  • O'rly! (Score:5, Insightful)

    by Anonymous Coward on Sunday May 13, 2018 @07:00AM (#56603216)

    How's this surprising. These containerized applications are full userland stacks, all the libs and dependencies the program needs, and then some, wrapped up. It's so easy to hide malware there, and so very difficult to audit them before inclusion, because their very raison d'etre is --- to avoid maintainership and allow "third party" vendors to distribute their mini-distros around.

    Is anyone REALLY surprised by this?

  • by Fly Swatter ( 30498 ) on Sunday May 13, 2018 @09:42AM (#56603554) Homepage
    They wanted to replicate the android and fruit ecosystems. Looks like they did.
    • That depends. If all they did was make an app store available, then they did _not_ replicate said ecosystems.

      Apple and Google both have some form of curation process to help keep malicious applications out. (I'm not going to get into who does it better cause that's beside the point).

      If Ubuntu, or anyone else, wants to maintain snap repos, then they are going to have to maintain the same protection infrastructure. A perfect example is the Cydia ecosystem. It's a god forsaken mess, and at this point it's

  • so . . Ubuntu is becoming more and more like Microsoft Windows?
    Good to know . . .

  • by Casandro ( 751346 ) on Sunday May 13, 2018 @12:15PM (#56604024)

    Essentially you need to keep a separation between code and data. Data is something you can get from any source as dubious data will never be able to breach the security.

    Code on the other hand are commands for your computer. Every new code you get onto your computer is a risk you take as it can be malevolent. Therefore you shouldn't take executing foreign code lightly. Ideally you only have your fixed set of programs which you can combine to use with data you get from everywhere.

    Things like AppStores pervert that safety precaution. They act as if it was possible to have a secure system, yet download software written by dubious developers.
    Sadly, we as a society seem to fall into the same trap over and over again, from Javascript to Active X. From Visual Basic for Applications to Appstores.

  • Because the blockchain is public, we know all the blocks that passed through this bad actor -- they were at one point registered to myfirstferrari. We can declare these coins as "radioactive", instructing our systems to not buy coins or fractions that had ever been owned by him or any of the other malware-powered miners.

  • Maintained by a team of accountable people. This was always one of the reasons a decent Linux distro was more secure than an equivalent Windows machine - because your packages came from a verified source. The concept of snaps makes things more convenient - for everyone, including malware authors. But, you know, so convenient.

You know, the difference between this company and the Titanic is that the Titanic had paying customers.

Working...