Snapcraft Store Rife With Crypto Phishing Scams

A new article from Linuxiac asserts that Canonical's Snap Store is rife with malicious and scam apps, and the problem seems to be getting even harder to spot.

As long-time Linux users know, there's a wealth of ways to install apps on Linux. Some of the more user-friendly methods include app stores like Snapcraft and Flathub.

Many of these app stores allow pretty much anyone to upload pretty much anything. This is great for the purposes of free speech and keeping software accessible to everyone, but it can also provide low-friction avenues for bad actors to spread malware.

Historically, this has been abused in Snap in a fairly predictable manner: scammers create new accounts and upload malicious versions of well-known software, usually crypto wallets like Exodus, Ledger, or Trust, which secretly send copies of your seed phrase and other useful credentials back to the scammers, who then drain your wallet.

Now, however, Alan Pope (a former Canonical employee) is claiming that the situation is escalating. Pope claims that attackers are now on the lookout for existing accounts with expired domains. The attackers will then swoop in and register the domains, using them to gain access to the legitimate Snap accounts and modify the existing software with malicious updates, which they can then easily push to users.

This new tactic would make malicious software harder to spot, since the tell-tale signs like a suspiciously new and/or unofficial account would be absent, and most end users would likely be unaware of the change in ownership.

The article says that Snap publishers are advised to enable two-factor authentication and stay on top of their domain registrations. End users are advised to obtain software (specifically crypto wallets) from "official project websites" rather than app stores. That is sound advice for any software, but it's worth noting that many projects do publish official Snaps, so this advice isn't a silver bullet.
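For publishers who want to automate the "stay on top of domain registrations" advice, the following is an added example, not code from the article or from Canonical. It classifies the domains behind publisher account emails from RDAP-style records (RFC 9083 field names); the domains, dates, and the 60-day warning window are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed RDAP-style records: placeholder domains, invented dates.
# In practice these would be the JSON bodies returned by a registry RDAP server.
SAMPLE_RDAP = [
    {"ldhName": "publisher-a.example", "status": ["active"],
     "events": [{"eventAction": "expiration", "eventDate": "2027-03-01T00:00:00Z"}]},
    {"ldhName": "publisher-b.example", "status": ["active"],
     "events": [{"eventAction": "expiration", "eventDate": "2026-02-10T00:00:00Z"}]},
    {"ldhName": "publisher-c.example", "status": ["redemption period"],
     "events": [{"eventAction": "expiration", "eventDate": "2025-12-20T00:00:00Z"}]},
    {"ldhName": "publisher-d.example", "status": ["active"],
     "events": [{"eventAction": "expiration", "eventDate": "2026-01-02T00:00:00Z"}]},
    {"ldhName": "publisher-e.example", "status": ["active"],
     "events": [{"eventAction": "registration", "eventDate": "2015-03-01T00:00:00Z"}]},
]

# RDAP statuses meaning the registration has lapsed and the name is about to be released.
DROPPING = {"redemption period", "pending delete"}

def expiry_of(record):
    """Return the expiration event as an aware datetime, or None if absent."""
    for ev in record.get("events", []):
        if ev.get("eventAction") == "expiration":
            return datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
    return None

def classify(record, now, warn_days=60):
    """Map one record to dropping / unknown / expired / expiring / ok."""
    if DROPPING & {s.lower() for s in record.get("status", [])}:
        return "dropping"   # most urgent: anyone may be able to register it soon
    exp = expiry_of(record)
    if exp is None:
        return "unknown"    # no expiry data is itself worth a manual check
    if exp <= now:
        return "expired"
    if exp - now <= timedelta(days=warn_days):
        return "expiring"
    return "ok"

def audit(records, now, warn_days=60):
    return {r["ldhName"]: classify(r, now, warn_days) for r in records}

if __name__ == "__main__":
    now = datetime(2026, 1, 15, tzinfo=timezone.utc)  # fixed date for the sample
    for domain, state in audit(SAMPLE_RDAP, now).items():
        print(f"{state:9} {domain}")
```

Anything not reported as `ok` is a domain whose lapse could let someone else receive the account's password-reset mail, so it should be renewed or removed from the account before it drops.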