https://www.gamingonlinux.com/2023/1...alicious-apps/
Users noticed, not Canonical. They should make a system where packages are curated
Canonical are currently dealing with a security incident with the Snap store, after users noticed multiple fake apps were uploaded so temporary limits have been put in place.
A post on the Snapcraft Discourse forum noted three "Fake Crypto Apps" had appeared on the store, with the user mentioning they "steal funds from user accounts". Canonical reacted pretty quickly removing them, and the packages get replaced with empty ones so that they get updated and removed for anyone who had them installed
Writing a statement Canonical's Igor Ljubuncic said:
A post on the Snapcraft Discourse forum noted three "Fake Crypto Apps" had appeared on the store, with the user mentioning they "steal funds from user accounts". Canonical reacted pretty quickly removing them, and the packages get replaced with empty ones so that they get updated and removed for anyone who had them installed
Writing a statement Canonical's Igor Ljubuncic said:
On September 28, 2023, the Snap Store team was notified of a potential security incident. A number of snap users reported several recently published and potentially malicious snaps.
As a consequence of these reports, the Snap Store team has immediately taken down these snaps, and they can no longer be searched or installed.
Furthermore, the Snap Store team has placed a temporary manual review requirement on all new snap registrations, effectively immediately.
If you try to register a new snap while the requirement is active, you will be prompted to “request reserved name”. Upon a successful manual review from the Snap Store staff, the name will be registered. Uploading and releasing revisions for existing snaps will not be affected.
We apologize for any inconvenience this may cause our snap publishers and developers. However, we believe it is the most prudent action at this moment.
We want to thoroughly investigate this incident without introducing any noise into the system, and more importantly, we want to make sure our users have a safe and trusted experience with the Snap Store.
Please bear with us while we conduct our investigation. We will provide a more detailed update in the coming days.
As a consequence of these reports, the Snap Store team has immediately taken down these snaps, and they can no longer be searched or installed.
Furthermore, the Snap Store team has placed a temporary manual review requirement on all new snap registrations, effectively immediately.
If you try to register a new snap while the requirement is active, you will be prompted to “request reserved name”. Upon a successful manual review from the Snap Store staff, the name will be registered. Uploading and releasing revisions for existing snaps will not be affected.
We apologize for any inconvenience this may cause our snap publishers and developers. However, we believe it is the most prudent action at this moment.
We want to thoroughly investigate this incident without introducing any noise into the system, and more importantly, we want to make sure our users have a safe and trusted experience with the Snap Store.
Please bear with us while we conduct our investigation. We will provide a more detailed update in the coming days.
Users noticed, not Canonical. They should make a system where packages are curated
Comment