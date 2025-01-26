26/01/25/0432221 story
posted by hubie on Monday January 26, @07:11AM
from the snap-to-it dept.
from the snap-to-it dept.
https://distrowatch.com/dwres.php?resource=showheadline&story=20123
Alan Pope, a former Ubuntu contributor and current Snap package maintainer, has raised a concern on his blog about attackers sneaking malicious Snap packages into Canonical's package repository.
"There's a relentless campaign by scammers to publish malware in the Canonical Snap Store. Some gets caught by automated filters, but plenty slips through. Recently, these miscreants have changed tactics - they're now registering expired domains belonging to legitimate snap publishers, taking over their accounts, and pushing malicious updates to previously trustworthy applications. This is a significant escalation."
Details on the attack are covered in Pope's blog post.
This discussion was created by hubie (1068) for logged-in users only. Log in and try again!
Attackers Find a New Way to Share Malicious Snap Packages | Log In/Create an Account | Top | 1 comments | Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
(1)
(Score: 0) by Anonymous Coward on Monday January 26, @07:22AM
There's never a _solution_, but:
- If a password is reset, the next 1 month's, or 3, pushes are reviewed manually.