Ubuntu will manually review Snap Store after crypto wallet scams
The Snap Store, where containerized Snap apps are distributed for Ubuntu's Linux distribution, has been attacked for months by fake crypto wallet uploads that seek to steal users' currencies. As a result, engineers at Ubuntu's parent firm are now manually reviewing apps uploaded to the store before they are available.
The move follows weeks of reporting by Alan Pope, a former Canonical/Ubuntu staffer on the Snapcraft team, who is still very active in the ecosystem. In February, Pope blogged about how one bitcoin investor lost nine bitcoins (about $490,000 at the time) by using an "Exodus Wallet" app from the Snap store. Exodus is a known cryptocurrency wallet, but this wallet was not from that entity. As detailed by one user wondering what happened on the Snapcraft forums, the wallet immediately transferred his entire balance to an unknown address after a 12-word recovery phrase was entered (which Exodus tells you on support pages never to do).
Kevin Purdy at Ars Technica
Cryptocurrency, or as I like to call it, MLMs for men, is a scammer's goldmine. It's a scam used to scam people. Add in a poorly maintained application store like Ubuntu's Snap Store, and it's a dangerous mix of incompetence and scammers. I honestly thought Canonical already nominally checked the Snap Store - as one of its redeeming features, perhaps its only redeeming feature - but it turns out anyone could just upload whatever they wanted and have it appear in the store application on every Ubuntu installation. Excellent.