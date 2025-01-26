Stories
Slash Boxes
Comments

SoylentNews is people

Attackers Find a New Way to Share Malicious Snap Packages

posted by hubie on Monday January 26, @07:11AM   Printer-friendly
from the snap-to-it dept.
Security

An Anonymous Coward writes:

https://distrowatch.com/dwres.php?resource=showheadline&story=20123

Alan Pope, a former Ubuntu contributor and current Snap package maintainer, has raised a concern on his blog about attackers sneaking malicious Snap packages into Canonical's package repository.

"There's a relentless campaign by scammers to publish malware in the Canonical Snap Store. Some gets caught by automated filters, but plenty slips through. Recently, these miscreants have changed tactics - they're now registering expired domains belonging to legitimate snap publishers, taking over their accounts, and pushing malicious updates to previously trustworthy applications. This is a significant escalation."

Details on the attack are covered in Pope's blog post.

Original Submission


«  UK MPs Call for AI Stress Testing in Financial Services
This discussion was created by hubie (1068) for logged-in users only. Log in and try again!
Attackers Find a New Way to Share Malicious Snap Packages | Log In/Create an Account | Top | 1 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: 0) by Anonymous Coward on Monday January 26, @07:22AM

    by Anonymous Coward on Monday January 26, @07:22AM (#1431322)

    There's never a _solution_, but:

    - If a password is reset, the next 1 month's, or 3, pushes are reviewed manually.

(1)