- Hackers hijack dormant Snapcraft apps to spread malware that steals cryptocurrency
- Attackers exploit expired domains to reset passwords and update snaps with malicious code
- Malware impersonates wallet apps, steals recovery phrases and drains funds up to $490,000
Snapcraft is being invaded by hackers who take over dormant and inactive apps (‘snaps’) and use them to steal people’s cryptocurrency, experts have said.
“There is a relentless campaign by fraudsters to publish malware on the Canonical Snap Store. Some are caught by automated filters, but plenty slip through,” said cybersecurity researchers at Anchore.
Snapcraft is Canonical’s platform and ecosystem for Linux applications. It is closely related to Ubuntu, but it works across many Linux distros. Snaps, on the other hand, are the apps themselves. A snap is a self-contained software package that includes the application plus most of its dependencies. These snaps run in isolation (sandboxed), update automatically, and work the same way across different Linux systems.
Crypto wallets in the crosshairs
Many snaps are dormant and their domains have expired. Researchers say the crooks hunt for expired domains, buy them, and then trigger a password reset on the store. In this way, they gain legitimate access to the snaps, which they then update to contain malicious code.
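The takeover path described above leaves two signals a store operator can screen for before honouring a password reset or publishing an update: a contact domain whose WHOIS creation date is newer than the publisher account, and a release arriving after a long silence. The following is an added example, not code from Canonical, Anchore or the article; the record fields, the 365-day threshold and the sample data are assumptions constructed for illustration.

```python
from datetime import date

# Constructed sample records; field names are hypothetical, not a Snap Store schema.
# domain_created = WHOIS creation date of the publisher's contact e-mail domain.
PUBLISHERS = [
    {"snap": "notes-tool", "domain": "notes-tool.test",
     "account_created": date(2018, 3, 1), "domain_created": date(2024, 9, 15),
     "revisions": [date(2018, 3, 5), date(2019, 1, 10), date(2024, 11, 2)]},
    {"snap": "img-viewer", "domain": "img-viewer.test",
     "account_created": date(2019, 5, 20), "domain_created": date(2010, 1, 1),
     "revisions": [date(2019, 6, 1), date(2023, 8, 1)]},
    {"snap": "term-app", "domain": "term-app.test",
     "account_created": date(2020, 2, 2), "domain_created": date(2015, 7, 7),
     "revisions": [date(2024, 1, 10), date(2024, 3, 12)]},
    {"snap": "old-game", "domain": "old-game.test",
     "account_created": date(2017, 1, 15), "domain_created": date(2024, 10, 1),
     "revisions": [date(2017, 2, 1), date(2017, 9, 1)]},
]
DORMANT_DAYS = 365  # assumed threshold for "dormant"

def assess(rec):
    """Return (action, reasons) for one publisher record."""
    revs = sorted(rec["revisions"])
    latest = revs[-1]
    gap = (latest - revs[-2]).days if len(revs) > 1 else 0
    # A creation date newer than the account means the domain lapsed and was
    # registered again, so whoever holds it now may not be the original publisher.
    rereg = rec["domain_created"] > rec["account_created"]
    reasons = []
    if rereg:
        reasons.append("contact domain re-registered after account creation")
    if gap >= DORMANT_DAYS:
        reasons.append(f"update after {gap} days without a release")
    if rereg and gap >= DORMANT_DAYS and latest >= rec["domain_created"]:
        return "hold", reasons      # dormant snap revived by the new domain owner
    return ("review" if reasons else "ok"), reasons

if __name__ == "__main__":
    for rec in PUBLISHERS:
        action, reasons = assess(rec)
        print(f"{rec['snap']:<11} {action:<7} {'; '.join(reasons)}")
```

The `old-game` record shows the proactive case: no malicious update exists yet, but the re-registered domain alone is enough to stop trusting e-mail-based password resets for that account.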
In most cases, they target cryptocurrency wallets. Anchore says “dozens” of such snaps have already been targeted, with thefts ranging from $10,000 to $490,000 in bitcoin and other cryptocurrencies.
“The malware disguises itself as genuine apps like Exodus, Ledger Live or Trust Wallet. It asks users to enter their wallet recovery phrase, sends these credentials to the criminals, displays an error to the user, and when someone realizes what has happened, the wallet is empty,” warns the expert.
The identity of the attackers is unknown, but apparently they are in or around Croatia.
Canonical has been working hard to curb the campaign, but Anchore describes it as a “relentless game of whack-a-mole” – as soon as one snap is removed, another takes over.
To ensure your crypto is safe, be extremely careful when downloading apps from any source, especially cryptocurrency wallets and related software.
Via Cyber news



