Malicious packages detected in Ubuntu Snap Store

Canonical has announced a temporary suspension of the Snap Store's automated system for checking published packages after packages containing malicious code designed to steal cryptocurrency from users appeared in the repository. It is not yet clear whether the incident is limited to third-party authors publishing malicious packages or whether the repository itself has security problems, since the official announcement describes the situation as a “potential security incident.”

Details of the incident are to be disclosed once the investigation is complete. For the duration of the investigation, the service has been switched to manual review mode, in which every registration of a new snap package is checked by hand before publication. The change will not affect downloading or publishing updates for existing snap packages.

Problems were identified in the ledgerlive, ledger1, trezor-wallet and electrum-wallet2 packages, which attackers published under the guise of official packages from the developers of those crypto wallets but which in fact have nothing to do with them. The problematic snap packages have already been removed from the repository and can no longer be found or installed with the snap utility. Malicious packages have been uploaded to the Snap Store before: in 2018, for example, packages containing hidden cryptocurrency-mining code were identified there.

Source: opennet.ru
