Canonical Changes Snap Store Policy in Ubuntu after Criminals Upload Fake Crypto Apps

Malicious actors have been attacking the Ubuntu Snap Store in recent months by uploading fake crypto wallet apps to steal people’s money. The situation got so bad that Canonical had to change the upload flow procedures and manually inspect uploaded Snaps.

Ubuntu’s Snaps are actually containerized apps that have their own store. They’ve been available for a while, and Canonical, the company making Ubuntu, has been trying for some time to make this a new standard, albeit with limited success.

As it turns out, criminals discovered they could upload fake crypto-wallet applications, sometimes imitating real ones, and no one would be the wiser. The latest such upload was discovered by a former Canonical employee who actually worked to build the Snap store.

He quickly realized that the application offered in the store was not the real one, and it’s just a way for attackers to steal money. In fact, he found that someone online reported losses of almost half a million dollars after installing the app from the Ubuntu store. The fake crypto app was removed quickly, on the same day as the report.

All of this happened in February, but the same person found more similar fake apps in mid-March. After he reported those as well and Canonical removed them, they were back in the store from a different uploader the next day.

One of the biggest issues is that all of these apps have a “Safe” icon, which gives the users the impression that the application has been verified.

Now, Canonical has finally announced a few measures that should make uploading such apps more difficult, particularly by requiring a human review of the apps being uploaded.

“The Store team and other engineering teams within Canonical have been continuously monitoring new snaps that are being registered, to detect potentially malicious actors,” said Holly Hall, product lead at Canonical.

“Our engineering teams will review the information provided and make a decision on whether there is anything in it that looks suspicious,” she added.

Also, as a preventative measure, if the app proposed for uploading to the store is crypto-wallet-related, it won’t be accepted. Canonical is taking the safe route, denying this entire category of apps from being listed, at least for the time being.