• Linux users targeted as crypto-stealing malware hits Snap package

    From TechnologyDaily@1337:1/100 to All on Fri Jan 23 14:45:07 2026
    Linux users targeted as crypto-stealing malware hits Snap packages - here's how to stay safe

    Date:
    Fri, 23 Jan 2026 14:35:00 +0000

    Description:
    There's a "relentless" campaign on the Ubuntu app store, and people are
    losing their crypto, experts warn.

    FULL STORY
    ======================================================================
    Hackers hijack dormant Snapcraft apps to spread cryptocurrency-stealing malware
    Attackers exploit expired domains to reset passwords and update snaps with malicious code
    Malware mimics wallet apps, stealing recovery phrases and draining funds up to $490,000

    Snapcraft is being invaded by hackers who are taking over dormant and
    inactive apps (snaps) and using them to steal people's cryptocurrency, experts have said.

    There's a relentless campaign by scammers to publish malware in the Canonical Snap Store. Some get caught by automated filters, but plenty slip through, cybersecurity researchers at Anchore said.

    Snapcraft is Canonical's platform and ecosystem for Linux applications. It's closely tied to Ubuntu, but it works across many Linux distros. Snaps, on
    the other hand, are the apps themselves. A snap is a self-contained software package that includes the application plus most of its dependencies. These snaps run in isolation (sandboxed), update automatically, and work the same way across different Linux systems.

    Crypto wallets in the crosshairs

    Many snaps are dormant, and their domains have expired. Researchers say
    the crooks hunt for expired domains, buy them, and then trigger a password reset on the store. That way they gain legitimate
    access to the snaps, which they then update to contain malicious code.

    In most instances, they are targeting cryptocurrency wallets. Anchore says dozens of such snaps were already targeted, stealing from $10,000, up to $490,000 in bitcoin and other cryptocurrencies.

    The malware masquerades as genuine apps like Exodus, Ledger Live, or Trust Wallet. It asks users to enter their wallet recovery phrase, sends those credentials to the criminals, displays an error to the user, and by the time anyone realizes what's happened, the wallet is empty, the expert warns.

    The identity of the attackers is unknown, but apparently, they are located
    in, or around, Croatia.

    Canonical has been hard at work trying to curb the campaign, but Anchore describes it as a relentless game of whack-a-mole - as soon as one snap is removed, another one is taken over.

    To make sure your crypto is safe, be extremely careful when downloading apps from any source, especially cryptocurrency wallets and adjacent software.
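
    One way to act on that advice, as an added example that is not part of the original article: a short Python audit of `snap list` output that flags installed snaps whose names resemble the wallet brands named above and whose publisher carries no verified mark. The sample listing, the snap and publisher names in it, and the script name audit_snaps.py are constructed for illustration.

```python
import re
import sys

# Wallet brands the article names as impersonated (Exodus, Ledger Live, Trust Wallet).
WALLET_BRANDS = ("exodus", "ledger", "trustwallet")

# Constructed sample of `snap list` output; snap and publisher names are made up.
SAMPLE = """\
Name           Version   Rev   Tracking       Publisher    Notes
core22         20240111  1122  latest/stable  canonical✓   base
firefox        122.0     3728  latest/stable  mozilla✓     -
exodus-wallet  1.0.2     7     latest/stable  examplepub   -
ledger-live-x  2.1       3     latest/stable  some-dev     -
notes-app      0.9       41    latest/stable  hobbydev     -
"""

def parse_snap_list(text):
    """Turn `snap list` output into one dict per installed snap."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 5:
            continue
        name, publisher = cols[0], cols[4]
        # snapd marks verified publishers with a check mark ("**" without Unicode).
        verified = publisher.endswith(("✓", "**"))
        rows.append({"name": name, "publisher": publisher.rstrip("✓✪*"),
                     "verified": verified})
    return rows

def audit(text):
    """Return (snap, publisher) pairs: wallet-like name, unverified publisher."""
    flagged = []
    for row in parse_snap_list(text):
        squashed = re.sub(r"[^a-z0-9]", "", row["name"].lower())
        if not row["verified"] and any(b in squashed for b in WALLET_BRANDS):
            flagged.append((row["name"], row["publisher"]))
    return flagged

if __name__ == "__main__":
    # Pipe real output in (`snap list | python3 audit_snaps.py`, a hypothetical
    # file name) or run without input to see the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, publisher in audit(data):
        print(f"review before use: {name} (publisher {publisher}, not verified)")
```

    A flagged snap is a prompt to compare the publisher against the wallet vendor's official download page, not proof of compromise. An unflagged snap is not cleared either, since the campaign described here takes over existing publisher accounts.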

    Via Cybernews


    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/linux-users-targeted-as-crypto-stealing-malware-hits-snap-packages-heres-how-to-stay-safe


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)