Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Malware Found In The Ubuntu Snap Store
Malware Found In The Ubuntu Snap Store
https://www.omgubuntu.co.uk/2018/05/ubuntu-snap-malware
https://www.linuxuprising.com/2018/05/m ... store.html
https://www.linuxuprising.com/2018/05/m ... store.html
Re: Malware Found In The Ubuntu Snap Store
Yup...the more Linux leaves its Unix roots and mimics Windows the more it will suffer from the same ailments as windows.bw123 wrote:If you want linux to work like windows, it will work like windows.
- sunrat
- Administrator
- Posts: 6382
- Joined: 2006-08-29 09:12
- Location: Melbourne, Australia
- Has thanked: 115 times
- Been thanked: 456 times
Re: Malware Found In The Ubuntu Snap Store
Agreed. I refuse to use Snaps, Flatpaks, Appimages etc. on principle. Malware gives me an extra reason to avoid them. Pretty sure I haven't got any malware in 15 years of using Linux "the Linux way".bw123 wrote:If you want linux to work like windows, it will work like windows.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
- ticojohn
- Posts: 1284
- Joined: 2009-08-29 18:10
- Location: Costa Rica
- Has thanked: 21 times
- Been thanked: 44 times
Re: Malware Found In The Ubuntu Snap Store
Yeah. monitoring your CPU usage and internet usage is one way. I use Firefox ESR and installed the No Coin addon. It is supposed to block mining such as Coinhive. Don't know how well it works mainly because I don't browse a lot of unknown websites, but it is supposedly a good addon. There are a lot of addons for both Firefox and Chromium that will do the same. plus, the addon is supposed to have the ability to allow mining for a brief period if you need to allow mining while you are logging in to a site. Again, I don't know as I've never had the occasion to need it.Bulkley wrote:So how does one find a сryptocurrency miner on your system? From what I've been able to find is excessive browser CPU use.
CAVEAT: Just noticed that the No Coin addon seems to significantly increase CPU usage. HMMM! Maybe it's not so good after all. May be better to just stick to the old tried and true methods.
Last edited by ticojohn on 2018-05-14 01:17, edited 1 time in total.
I am not irrational, I'm just quantum probabilistic.
Re: Malware Found In The Ubuntu Snap Store
bw123 wrote:If you want linux to work like windows, it will work like windows.
HuangLao wrote:Yup...the more Linux leaves its Unix roots and mimics Windows the more it will suffer from the same ailments as windows.
18 years for me. I agree with both of you. I am curious, though, about these miners. I may be wrong but I have the impression that they can get picked up by a browser, any browser. Is that correct?bw123 wrote:I refuse to use Snaps, Flatpaks, Appimages etc. on principle. Malware gives me an extra reason to avoid them. Pretty sure I haven't got any malware in 15 years of using Linux "the Linux way".
From HuangLao's first link.Some websites are experimenting with in-browser mining as a revenue stream to replace advertising.
When leaving a site the mining should stop. Are some sites leaving anything behind? Malfeasance is opportunity driven. There are sure to be those looking to exploit whatever and whichever. Consequently, is there a way to tell if a system is being exploited?
Re: Malware Found In The Ubuntu Snap Store
ticojohn, thanks for the tip. I found this: uBlock Origin Developers Take Steps to Block Cryptocurrency Mining Scripts
Re: Malware Found In The Ubuntu Snap Store
So what's the takeaway from this? Use only software in the official repos? I don't use Snaps [don't know what they are, never looked into it], haven't used Flatpak in Stretch and I've only used one AppImage, which was Libreoffice 6 from the official site.
EDIT, so a snap
EDIT, so a snap
So similar to a Windows .exe file, as far as I can see. What is the screening process for these before they are uploaded to the snap store?is a squashFS filesystem containing your app code and a snap.yaml file containing specific metadata. It has a read-only file-system and, once installed, a writable area.
is self-contained. It bundles most of the libraries and runtimes it needs and can be updated and reverted without affecting the rest of the system.
is confined from the OS and other apps through security mechanisms, but can exchange content and functions with other snaps according to fine-grained policies controlled by the user and the OS defaults.
- ticojohn
- Posts: 1284
- Joined: 2009-08-29 18:10
- Location: Costa Rica
- Has thanked: 21 times
- Been thanked: 44 times
Re: Malware Found In The Ubuntu Snap Store
My pleasure. I use uBblock but not sure if they have yet implemented their version of blocking crypto mining. I see that the article you referenced was from September 2017, so maybe they have implemented that function. Will investigate. The article would seem to indicate that they have done so.Bulkley wrote:ticojohn, thanks for the tip. I found this: uBlock Origin Developers Take Steps to Block Cryptocurrency Mining Scripts
I am not irrational, I'm just quantum probabilistic.
- ticojohn
- Posts: 1284
- Joined: 2009-08-29 18:10
- Location: Costa Rica
- Has thanked: 21 times
- Been thanked: 44 times
Re: Malware Found In The Ubuntu Snap Store
Update to Bulkley's comments on uBlock. I just took a look at uBlocks dashboard and the filters. They do indeed appear to be blocking several cryptocurrency miners, including coin hive. So, based on my limited knowledge I might recommend using uBlock.
Here is the uBlock filter list, for those interested
Here is the uBlock filter list, for those interested
Code: Select all
! uBlock Origin -- Resource-abuse filters
!
! To foil sites potentially abusing CPU/bandwidth resources without informed
! consent. Any such resource-abuse scripts MUST be opt-in, with complete
! informed consent from the visitor.
! https://github.com/uBlockOrigin/uAssets/issues/659
||edgeno.de^$script,third-party,domain=~edgemesh.com
/edgemesh.*.js$script,domain=~edgemesh.com|~edgeno.de
! https://github.com/uBlockOrigin/uAssets/issues/690
||coin-hive.com^$third-party
||coinhive.com^$third-party
||cnhv.co^$third-party
! https://github.com/uBlockOrigin/uAssets/pull/706
||jsecoin.com^$third-party
! https://github.com/uBlockOrigin/uAssets/pull/725
||minemytraffic.com^$third-party
! https://github.com/jspenguin2017/uBlockProtector/issues/624#issuecomment-333700969
/c-hive.js
! https://github.com/jspenguin2017/uBlockProtector/issues/636#issuecomment-334317456
||info^$script,third-party,domain=oload.info
! https://github.com/uBlockOrigin/uAssets/issues/742
||crypto-loot.com^$third-party
! https://github.com/uBlockOrigin/uAssets/issues/746
||2giga.link^*hive$script
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/32
||ppoi.org^$third-party
||projectpoi.com^$third-party
! https://github.com/uBlockOrigin/uAssets/pull/748
||webmine.cz^$third-party
! https://github.com/uBlockOrigin/uAssets/issues/754
||coinerra.com^$third-party
||listat.biz^
||lmodr.biz^
||mataharirama.xyz^$third-party
||minero.pw^$third-party
||reasedoper.pw^$third-party
! https://github.com/uBlockOrigin/uAssets/issues/762
||coin-have.com^$third-party
! https://www.bleepingcomputer.com/news/security/the-internet-is-rife-with-in-browser-miners-and-its-getting-worse-each-day/
||coinblind.com^
||coinnebula.com^
! https://github.com/uBlockOrigin/uAssets/issues/803
||safelinkconverter.com^$script,third-party
! https://github.com/uBlockOrigin/uAssets/issues/813
/coinhive.min.js
/cryptonight.wasm
/cn.wasm
||monero-miner.net^$third-party
! https://forums.lanik.us/viewtopic.php?p=128461#p128461
||jsccnn.com^$third-party
||jscdndel.com^$third-party
! https://www.bleepingcomputer.com/news/security/cryptojacking-script-found-in-live-help-widget-impacts-around-1-500-sites/
! https://publicwww.com/websites/%22lhnhelpouttab-current.min.js%22/
/lhnhelpouttab-current.min.js
! https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/
||hatevery.info^$third-party
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/59
csgoconfigs.com##script:inject(abort-current-inline-script.js, m, CH.Anonymous)
||coinhiveproxy.com^$third-party
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/63
||coinpot.co^$third-party
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/64
||openkatalog.com^$subdocument
! https://forums.lanik.us/viewtopic.php?p=129242#p129242
/XMR-monero.js$script
! https://github.com/uBlockOrigin/uAssets/issues/986
! https://forums.lanik.us/viewtopic.php?p=129505#p129505
/noblock.js
||wty46.com^
||noblock.pro^$third-party
||cryptoloot.pro^$third-party
! https://forums.lanik.us/viewtopic.php?p=129545#p129545
/adsensebase.js$script
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/74
||csgocpu.com^$third-party
! https://thevideo.us/ts9cvh421kkp#downloadVideo
/helper.wasm
! other miners
.cf^*.wasm$third-party
.info^$script,third-party,domain=oload.tv|openload.co|streamango.com|streamcherry.com
.space^*.wasm$third-party
/cloudcoins.js
/cloudcoins.min.js
/coinblind.js
/coinblind_beta.
/coinlab.js
/cryptonight-worker.js
/deepMiner.js
/jsecoin.*/?
/miner-ui.js
/miner.js
/miner.min.js
/miner?key=
/obfus.min.js
/projectpoi.min.js
/wproxy$~third-party,websocket
/xminer.js
/xminer.min.js
/xmr.js
/xmr.min.js
://api.*/lib/native.wasm$third-party
||1beb2a44.space^$third-party
||300ca0d0.space^$third-party
||310ca263.space^$third-party
||320ca3f6.space^$third-party
||330ca589.space^$third-party
||340ca71c.space^$third-party
||360caa42.space^$third-party
||370cabd5.space^$third-party
||3c0cb3b4.space^$third-party
||3d0cb547.space^$third-party
||77.162.125.199^$third-party
||ad-miner.com^$third-party
||adminer.com^$third-party
||aeros01.tk^$third-party
||aeros02.tk^$third-party
||aeros03.tk^$third-party
||aeros04.tk^$third-party
||aeros05.tk^$third-party
||aeros06.tk^$third-party
||aeros07.tk^$third-party
||aeros08.tk^$third-party
||aeros09.tk^$third-party
||aeros10.tk^$third-party
||aeros11.tk^$third-party
||aeros12.tk^$third-party
||afminer.com^$third-party
||aleinvest.xyz^$third-party
||alemoney.xyz^$third-party
||altpool.pro^$third-party
||api.inwemo.com^$third-party
||azvjudwr.info^$third-party
||baiduccdn1.com^$third-party
||cdn.cloudcoins.co^$third-party
||cdn.cloudcoins.co^$third-party
||cloudcoins.co^$third-party
||coinhive-manager.com^$third-party
||coinhive-proxy.party^$third-party
||coinhive.com^$third-party
||coinlab.biz^$third-party
||coinminerz.com^$third-party
||cookiescript.info^$third-party
||crypto-coins.club^$third-party
||darking01.tk^$third-party
||darking02.tk^$third-party
||darking03.tk^$third-party
||darking04.tk^$third-party
||darking05.tk^$third-party
||darking06.tk^$third-party
||darking07.tk^$third-party
||darking08.tk^$third-party
||darking09.tk^$third-party
||deepc.cc^$third-party
||go.megabanners.cf^$third-party
||gus.host/coins.js
||jroqvbvw.info^$third-party
||jyhfuqoh.info^$third-party
||kdowqlpt.info^$third-party
||kiwifarms.net/js/Jawsh/xmr/xmr.min.js
||megabanners.cf^$third-party
||megabanners.cf^$websocket
||minecrunch.co^$third-party
||miner.pr0gramm.com^$third-party
||minero-proxy-*.sh^$third-party
||minero-proxy-01.now.sh^$third-party
||minero-proxy-02.now.sh^$third-party
||minero-proxy-03.now.sh^$third-party
||minexmr.com^$third-party
||mmpool.org^$third-party
||monerominer.rocks^$third-party
||now.sh/*.wasm$third-party
||onlinereserchstatistics.online^$third-party
||papoto.com^$third-party
||podrltid.info^$third-party
||pool.supportxmr.com^$third-party
||rapidvideo.com/J5xj_2.js
||rawgit.com/Pocketart/$script,third-party
||reactor.cc^*.wasm
||rocks.io^$third-party
||sbhmn-miner.com^$third-party
||secumine.net^$third-party
||siteverification.online^$third-party
||siteverification.site^$third-party
||subloader.cf^$third-party
||supportxmr.com^$third-party
||xbasfbno.info^$third-party
! https://github.com/uBlockOrigin/uAssets/issues/1106
||theappguruz.com^$csp=child-src 'none';frame-src 'self' *;worker-src 'none';
||theappguruz.com/vendor/composer/installed.js$script
! https://github.com/uBlockOrigin/uAssets/issues/1116
||d3ahinqqx1dy5v.cloudfront.net^
||cloudfront.net/mmfb2.html
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/84
||minr.pw^$third-party
||cdn.jquery-uim.download^$third-party
||cndhit.xyz^$third-party
||g-content.bid^$third-party
||statistic.date^$third-party
||ad.g-content.bid^$third-party
||cdnfile.xyz^$third-party
||cnt.statistic.date^$third-party
||web.clod.pw^$third-party
||static-net.nut.cc^$third-party
||static-02.flu.cc^$third-party
||cdn.static-cnt.bid^$third-party
||web.dle-news.pw^$third-party
! https://github.com/uBlockOrigin/uAssets/issues/1149
vidzi.tv##script:inject(abort-on-property-write.js, decodeURIComponent)
||vidzi.si^$csp=worker-src 'none';
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/85#issuecomment-354658527
||cryptobara.com/client/worker.js
! http://www.myfeed4u.net/watch/2363948/1/Mayer-Tsitsipas-ATP-Doha.html
||myfeed4u.net^$csp=child-src 'none';frame-src *;worker-src 'none';
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/85#issuecomment-354672506
||reservedoffers.club^$csp=child-src 'none';frame-src *;worker-src 'none';
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/87
||skyback.ru^$csp=child-src 'none';frame-src *;worker-src 'none';
||biberukalap.com^
||gridiogrid.com^
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/88
||extratorrent.cd^$csp=child-src 'none';frame-src *;worker-src 'none';
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/90
||thepiratebay.cr^$csp=child-src 'none';frame-src *;worker-src 'none';
*?proxy=$script
! kickass mining
||kickass.cd^$csp=child-src 'none';frame-src *;worker-src 'none';
! https://github.com/uBlockOrigin/uAssets/issues/986
||ddmix.net^$csp=child-src 'none';frame-src *;worker-src 'none';
||whathyx.com^
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/94
||analytics.blue^
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/97
/bootstrap.wasm$xmlhttprequest
||smectapop12.pl^
! https://github.com/uBlockOrigin/uAssets/issues/1318
||zlx.com.br/assets/playermon.js$script
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/101
*$csp=worker-src 'none',domain=a-o.ninja|alltube.tv|byter.tv|centrum-dramy.pl|hentai-online.pl|lewd.ninja|love-drama.pl|milujivareni.cz|tokyodrift.ga|vidfile.net
||vidfile.net/*.wasm
/angular8.js
||tubetitties.com/worker.js
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/104
||flare-analytics.com^
||fileone.tv^$csp=child-src 'none';frame-src 'self' *;worker-src 'none';
! https://github.com/uBlockOrigin/uAssets/issues/1351
||miner.nablabee.com^$third-party
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/111
||m.anyfiles.ovh^
/deepMiner.min.js
! https://github.com/uBlockOrigin/uAssets/issues/1369
/crn.wasm
||freecontent.bid^$third-party
! https://github.com/easylist/easylist/commit/b750557d82c3f56b0b4ba31bbd9a21b2536a6841#commitcomment-27140868
||300mbfilms.co^$csp=worker-src 'none';
||cryptonoter.com^$third-party
||mutuza.win^$third-party
! https://github.com/easylist/easylist/issues/861
tubettajat.net##script:inject(abort-on-property-read.js, miner)
||crypto-webminer.com^$third-party
||cryweb.github.io^
||crywebber.github.io^
! https://forums.lanik.us/viewtopic.php?f=62&t=39806
||adless.io^$third-party
! https://github.com/uBlockOrigin/uAssets/issues/1402
||movie4k.is^$csp=worker-src 'none';
||vzhjnorkudcxbiy.com^
! https://www.reddit.com/r/uBlockOrigin/comments/7tgjce/new_cryptocurrency_mining_website_not_blocked_by/
tasma.ru##script:inject(abort-on-property-write.js, decodeURIComponent)
||ogrid.org^
||igrid.org^
||stat0808.info^
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/115
||dekoder.ws^$csp=worker-src 'none';
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/137
||leitor.net^$csp=worker-src 'none';
||nablabee.com^$third-party
! https://github.com/uBlockOrigin/uAssets/issues/1503
shrink-service.it##script:inject(abort-on-property-read.js, WebAssembly)
! https://www.reddit.com/r/uBlockOrigin/comments/7wwejy/cryptojackers_defeat_all_countermeasures/
*$csp=worker-src 'none',domain=estream.to|streamango.com|vidoza.net|vidto.me|vidtudu.com
||tulip18.com^$third-party
! https://github.com/uBlockOrigin/uAssets/pull/818#issuecomment-365770341
djs.sk,mladipodnikatelia.sk##script:inject(abort-on-property-read.js, miner)
||pr0gram.org^$third-party
! https://forums.lanik.us/viewtopic.php?f=62&t=39991&p=132468#p132468
||adfreetv.ch^$csp=child-src 'none';frame-src *;worker-src 'none';
! https://github.com/uBlockOrigin/uAssets/issues/1559
||hq-porns.com^$csp=child-src 'none';frame-src *;worker-src 'none';
||staticsfs.host^
! https://github.com/uBlockOrigin/uAssets/issues/1563
||gofile.io^$csp=child-src 'none';frame-src *;worker-src 'none';
||gofile.io/js/coinGofile.min.js
! https://www.reddit.com/r/uBlockOrigin/comments/7yudc2/coinhive_getting_through/
howucan.gr##script:inject(abort-on-property-read.js, miner)
! https://github.com/uBlockOrigin/uAssets/issues/1602
||thevideo.*^$csp=worker-src 'none';
||interestingz.pw^$third-party
! https://github.com/uBlockOrigin/uAssets/issues/1649
cloudtime.to,nowvideo.sx,sickrage.ca,tomadivx.org,wholecloud.net##script:inject(abort-on-property-read.js, WebAssembly)
! https://github.com/hoshsadiq/adblock-nocoin-list/issues/165
||onlinevideoconverter.com^$csp=child-src 'none';frame-src *;worker-src 'none';
||freecontent.*./$script
! https://github.com/hoshsadiq/adblock-nocoin-list/pull/173
! https://github.com/uBlockOrigin/uAssets/issues/1698
123telugu.com,netiap.com##script:inject(abort-on-property-read.js, _0x7bc7)
||datasecu.download^$third-party
||jquery-cdn.download^$third-party
! https://github.com/uBlockOrigin/uAssets/issues/1701
||bigspeeds.com^$csp=worker-src 'none';
||gustaver.ddns.net^$third-party
! https://forums.lanik.us/viewtopic.php?f=90&t=40270
nxload.com##script:inject(abort-on-property-read.js, miner)
||cryptaloot.pro^$third-party
! https://github.com/uBlockOrigin/uAssets/issues/1782
sleeptimer.org##script:inject(abort-on-property-read.js, WebAssembly)
! https://github.com/easylist/easylist/commit/8ef593
*$csp=worker-src 'none',domain=kinokongo.cc
! https://github.com/uBlockOrigin/uAssets/issues/1826
*$csp=worker-src 'none',domain=povwideo.net|powvideo.net
! https://github.com/gorhill/uBlock/issues/3675
||potomy.ru^$csp=worker-src 'none'
||rand.com.ru^
! https://github.com/hoshsadiq/adblock-nocoin-list/pull/204
||ianimes.co^$csp=worker-src 'none';
||eth-pocket.de^$third-party
! https://github.com/uBlockOrigin/uAssets/issues/2051
||hide.ovh^
I am not irrational, I'm just quantum probabilistic.
- None1975
- df -h | participant
- Posts: 1387
- Joined: 2015-11-29 18:23
- Location: Russia, Kaliningrad
- Has thanked: 45 times
- Been thanked: 64 times
Re: Malware Found In The Ubuntu Snap Store
Snap packets and Ubuntu are not needed.
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github
Debian Wiki | DontBreakDebian, My config files on github
- None1975
- df -h | participant
- Posts: 1387
- Joined: 2015-11-29 18:23
- Location: Russia, Kaliningrad
- Has thanked: 45 times
- Been thanked: 64 times
Re: Malware Found In The Ubuntu Snap Store
Just install xul-ext-noscript. Do not use unclear origin and quality addons.ticojohn wrote:Bulkley wrote: I use Firefox ESR and installed the No Coin addon. It is supposed to block mining such as Coinhive.
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github
Debian Wiki | DontBreakDebian, My config files on github
Re: Malware Found In The Ubuntu Snap Store
Can you qualify "not needed"? I think I see what you mean [for how long does one stay on Ubuntu?] but Ubuntu is a great springboard OS for many, including myself.None1975 wrote:Snap packets and Ubuntu are not needed.
- ticojohn
- Posts: 1284
- Joined: 2009-08-29 18:10
- Location: Costa Rica
- Has thanked: 21 times
- Been thanked: 44 times
Re: Malware Found In The Ubuntu Snap Store
I agree, more or less, with your statement. However, I also stated that I found the No Coin addon to not be to my liking. Also, I further stated that uBlock does a good job of blocking the cryprocurrency mining. And I think that uBlock is a pretty well known addon.None1975 wrote: Just install xul-ext-noscript. Do not use unclear origin and quality addons.
I am not irrational, I'm just quantum probabilistic.
- stevepusser
- Posts: 12930
- Joined: 2009-10-06 05:53
- Has thanked: 41 times
- Been thanked: 71 times
Re: Malware Found In The Ubuntu Snap Store
Oh, Snap!
Sorry, someone had to say it.
Sorry, someone had to say it.
MX Linux packager and developer
Re: Malware Found In The Ubuntu Snap Store
uBlock is great for this, of course they need to stay current with the changes to "mining" that will surely evolve/grow.Bulkley wrote:ticojohn, thanks for the tip. I found this: uBlock Origin Developers Take Steps to Block Cryptocurrency Mining Scripts
Keep an eye on memory and CPU usage, if it is going crazy for an extended period and/or for an unknown reason it could be a miner at work, damn gremlins.
I think they work similar to those deep browser cookies (can't recall the actual name for them, LTO or something), there used to be an add-on that could remove them. Anyway, as soon as the browser opens, they go to work, regardless of the site you are on, nasty buggers.
Should be highly illegal, sorta like someone stealing your cable, biting off your internet/wifi etc... If you are going to make money off my sh*t, where is my cut?
Re: Malware Found In The Ubuntu Snap Store
Build from source, or only use a "trusted" repo, and even then keep a close eye on your system. Even trusted packagers can go crazy or get hacked etc... Remember the Russian Debian dev. last year that was arrested and the Russian gov. confiscated all his gear/rigs, Debian had to quickly cancel his keys and access to help prevent unfortunate things from happening....Lysander wrote:So what's the takeaway from this? Use only software in the official repos? I don't use Snaps [don't know what they are, never looked into it], haven't used Flatpak in Stretch and I've only used one AppImage, which was Libreoffice 6 from the official site.
EDIT, so a snap
So similar to a Windows .exe file, as far as I can see. What is the screening process for these before they are uploaded to the snap store?is a squashFS filesystem containing your app code and a snap.yaml file containing specific metadata. It has a read-only file-system and, once installed, a writable area.
is self-contained. It bundles most of the libraries and runtimes it needs and can be updated and reverted without affecting the rest of the system.
is confined from the OS and other apps through security mechanisms, but can exchange content and functions with other snaps according to fine-grained policies controlled by the user and the OS defaults.
The reality is the Ubuntu Snap store is a crap shoot, Casino or the Wild Wild West (take your pick), there is little/no code inspection or quality control...see here:
"All apps uploaded the Snap store undergo automatic testing to ensure that they work and install correctly for users on multiple Linux distros. Both apps were uploaded as proprietary software so their code was not available to check. However, Snap apps are not checked line-by-line for anything suspicious or out-of-the-ordinary. Therefore, under the current framework, there was simply no way to detect or prevent this “malware” from being bundled up with an app and made available on the Snap store. Any theoretical pre-detection would’ve been hard to do given that both of the affected apps were uploaded as proprietary software. Their code was not available to check."
ref: https://www.omgubuntu.co.uk/2018/05/ubuntu-snap-malware
Re: Malware Found In The Ubuntu Snap Store
I disagree, with Ubuntu not being needed, it serves a purpose and fills a role...I do agree that Snap packages are not needed and I would include Flatpack and appimages as well.None1975 wrote:Snap packets and Ubuntu are not needed.