www. O S N E W S .com
News Features Interviews
BlogContact Editorials
.
Malware found in the Ubuntu Snap store
By Thom Holwerda on 2018-05-13 15:29:32

Oh, snap! Just because some packages are available to install directly from the Ubuntu Software Center doesn't make them safe. This is proved by a recent discovery of malware in some snap packages from the Ubuntu Snaps Store.

At least two of the snap packages, 2048buntu and Hextris, uploaded to the Ubuntu Snaps Store by user Nicolas Tomb, contained malware. All packages by Nicolas have since been removed from the Ubuntu Snaps Store, "pending further investigations".

I honestly did not expect anyone to care enough to upload malware to the Ubuntu Software Center. Good thing it got caught.

 Email a friend - Printer friendly - Related stories
.
Read Comments: 1-10 -- 11-14
.
RE[2]: Comment by ahferroin7
By oiaohm on 2018-05-15 02:22:39
> Yeah, it doesn't matter if you are apple, google, microsoft, a linux distro, etc, these things do slip in. None of them have enough experts to comprehensively audit every piece of 3rd party code submitted to them. Furthermore a malicious hacker can foil automated defenses by only activating their malware after an app has been approved.

Linux distributions as whole have enough personal to audit everything. But it would require killing off all the duplication of effort building the same programs over again. Its about the only group with enough resources to-do it. But its the hurding cats problem.

> This is why sandboxing is important, it allows us to keep restraints on applications that are running without automatically giving them free reign over everything.

True but sandbox still does not remove need to audit.
Permalink - Score: 2
.
RE[3]: Who caught this?
By oiaohm on 2018-05-15 02:29:01
> Or the time that the Chromium packages on Debian downloaded blackbox binaries that had the ability to listen in on your microphone?
https://bugs.debian.org/cgi-bin/b...

Please note it was Debian people who noticed that this was happening. The issue was a upstream modification to the Chromium source so every distribution shipping current version Chromium was having this happen.

Same features have appear in windows programs and windows users have never noticed it.
Permalink - Score: 3
.
RE: This is why we can't have nice things
By zima on 2018-05-18 00:30:27
And people often blindly copy & paste commands found on www...
Permalink - Score: 2
.
RE[3]: Comment by ahferroin7
By zima on 2018-05-18 00:31:08
> But its the hurding cats problem.
That might be a problem Hurd has... ;)
Permalink - Score: 2

Read Comments 1-10 -- 11-14

No new comments are allowed for stories older than 10 days.
This story is now archived.

.
News Features Interviews
BlogContact Editorials
.
WAP site - RSS feed
© OSNews LLC 1997-2007. All Rights Reserved.
The readers' comments are owned and a responsibility of whoever posted them.
Prefer the desktop version of OSNews?