[kwlug-disc] Snap as a target for malware ...

[Mikalai Birukou]

> We discussed snap and its pitfalls on this mailing list before.
>
> It is being targeted more and more by malware peddlers
>
> https://blog.popey.com/2026/01/malware-purveyors-taking-over-published-snap-email-domains/
>
> Again, depending on which variant of Ubuntu you use, and what software you need, you can uninstall snap completelylike I do.
> (e.g. Xubuntu, no need for lxd, install Firefox from PPA, ...)

Looking into details of article, potentially through my own lens, article contains story about two points: (a) trust 3rd party distributor, (b) "Why flashlight needs to send email".

(a)

From tldr;
.. [scammers] now registering expired domains belonging to legitimate snap publishers, taking over their accounts, and pushing malicious updates to previously trustworthy applications.

This is a problem with everyone. ... we ask users to be vigilant. ... or users encouraged to trust that store has done vetting. Where did "ask a friend" go?

In old times, pretending to be someone else has carried non-trivial penalty, if I am not mistaken. It ain't new attack.

(b)

If it is in a snap, you'd expect some walls to not let a flashlight send email with your wallet password into wild world. Missed opportunity, in my view.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20260125/351bb050/attachment.htm>