Malware Found In the Ubuntu Snap Store

An anonymous reader quotes a report from Linux Uprising: Oh, snap! Just because some packages are available to install directly from the Ubuntu Software Center doesn't make them safe. This is proved by a recent discovery of malware in some snap packages from the Ubuntu Snaps Store.

At least two of the snap packages, 2048buntu and hextris, uploaded to the Ubuntu Snaps Store by user Nicolas Tomb, contained malware. All packages by Nicolas have since been removed from the Ubuntu Snaps Store, "pending further investigations." The report comes from a bug which mentions that the 2048buntu snap package (and other packages by Nicolas Tomb) contains a hidden cryptocurrency miner inside.

*Nix needs a Zone Alarm equivalent

This is why Linux needs the equivalent of the Zone Alarm firewall. Something that will alert a desktop user every time a program first attempts to connect to the internet and allow the user to say yes or no to the attempt. If your firewall allows all outbound traffic by default you do no have a hope in hell of catching a malware infection...

If you've got such software then at least you know something nasty has managed to infect your machine as you'll spot it the first time it tries to "phone home"..

Re: *Nix needs a Zone Alarm equivalent

Most people block incoming by default, but not outgoing. The reason is simply convenience; if the desktop environment showed you a GUI popup asking permission every time an outgoing connection was attempted, it would be much easier for the average user to adopt. Pretty sure that's what the grandparent was talking about; if you still think its trivial, I'd love a link to instructions :)

Re:*Nix needs a Zone Alarm equivalent

I've never cared much for ufw. It's basically just a GUI for setting rules for iptables. When I'm working with iptables, I'd rather set them manually through a shell.

I believe GP just meant something that would give a notification when a program tried to communicate out that's not on the "approved" list.

I'd much prefer something along the lines of atguard, before Symantec raped it. The feature I liked from atguard was the "Rule Assistant" that would give a popup when something didn't match one of the rules. The popup would show you the port, ip address, application, and direction of communication attempt and allow you to setup firewall rules based on that communication attempt. This would help limit outbound connections to specific programs and get notifications when malware is trying to phone home.

The main drawback to this is having to setup firewall rules for each program. Also, it could get fairly cumbersome if you limit the program by MD5, since you'd have to update the hash every time you update a program.

Snaps are impossible to verify

With all dependencies built in, there is a lot to comb through, not to mention that those dependencies may not even be completely patched and up to date.

I'd rather install software the traditional way and be sure that each component I install is verified.

O'rly!

How's this surprising. These containerized applications are full userland stacks, all the libs and dependencies the program needs, and then some, wrapped up. It's so easy to hide malware there, and so very difficult to audit them before inclusion, because their very raison d'etre is --- to avoid maintainership and allow "third party" vendors to distribute their mini-distros around.

Is anyone REALLY surprised by this?

Re: unsafe?

[Z00L00K]

It just highlights that something worse could have been attached.

However it also highlights that there's a need to also be able to invalidate cryptocurrency obtained through illegal means.

Re:False sense of security?

[Ol+Olsoc]

I have always felt Linux people have that same false sense of security that Apple Mac users have always had. Nothing can touch them because of some lame reason.

I have always known that some people generalize the shit out of things.

No OS is completely immune while on teh intertoobz. But it doesn't take too much research to find out which major OS is the least secure. It ain't Linux, and it aint MacOS.

Who didn't see this coming?

[Fly+Swatter]

They wanted to replicate the android and fruit ecosystems. Looks like they did.

Re: unsafe?

[cfalcon]

> However it also highlights that there's a need to also be able to invalidate cryptocurrency obtained through illegal means.

Illegal according to whom? The Chinese government? If you shook your head no, then why wouldn't they be able to, if a government you approve of is able to do so?

It's a general problem

[Casandro]

Essentially you need to keep a separation between code and data. Data is something you can get from any source as dubious data will never be able to breach the security.

Code on the other hand are commands for your computer. Every new code you get onto your computer is a risk you take as it can be malevolent. Therefore you shouldn't take executing foreign code lightly. Ideally you only have your fixed set of programs which you can combine to use with data you get from everywhere.

Things like AppStores pervert that safety precaution. They act as if it was possible to have a secure system, yet download software written by dubious developers.
Sadly, we as a society seem to fall into the same trap over and over again, from Javascript to Active X. From Visual Basic for Applications to Appstores.

Use blockchain history to mark "radioactive" coins

[OpenGLFan]

Because the blockchain is public, we know all the blocks that passed through this bad actor -- they were at one point registered to myfirstferrari. We can declare these coins as "radioactive", instructing our systems to not buy coins or fractions that had ever been owned by him or any of the other malware-powered miners.