Cryptojacking Malware Discovered on Ubuntu Snap Store
Cryptojacking attacks have become prevalent, and a recent target is the official Ubuntu Snap Store. A vigilant Ubuntu user who goes by the GitHub moniker “Tarwirdur” was the first to report that two apps, 2048buntu and Hextris, contained Bytecoin mining code.
Tarwirdur’s discovery of mining malware in the Ubuntu Snap Store highlights that products in an official store are not immune to the current cryptojacking tsunami.
Vigilance is warranted, lest your computer start surreptitiously mining to line someone else’s pockets.
Illegal Mining Scripts Mined Bytecoin
The attentive Ubuntu user Tarwirdur revealed his findings on GitHub, stating that the 2048buntu application contained a hidden Bytecoin miner script.
Initially, Tarwirdur pointed out only the 2048buntu app, but later reported that another submission by Nicolas Tomb, the author of the exposed app, also contained cryptocurrency mining scripts.
The Snapcraft store, developed by UK-based computer software company Canonical Ltd., has since axed all apps uploaded by Tomb, including the Hextris app which also contained the malware.
Responding to Tarwirdur, a Canonical team member said:
“@tarwirdur yes, we’ve removed all applications from this author pending further investigations. Thank you for your vigilance!”
The Rise of Cryptojacking
Increasingly prevalent in recent months, crypto mining scripts leech the victim’s computer processing power to mine cryptocurrencies. These scripts are not designed to steal data from the victim’s computer, but rather to use its processing power for someone else’s financial gain.
It is unclear how many users may have been affected by Tomb’s apps, as there’s no apparent way to discern install counts. Both apps were uploaded in April 2018, and therefore the number of affected users may be small.
The 2048buntu mining script was concealed under the name “systemd” while it mined Bytecoin for a user under the email address [email protected].
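One way to check for the disguise described above, a miner running under the name “systemd”, is to compare every process that calls itself systemd against the paths where the real binary is installed. This is an added example, not code from the original report; the trusted paths and the sample process rows (including the /snap/example-game path) are assumptions constructed for illustration.

```python
import os

# Assumption: where the packaged systemd binary lives on Ubuntu/Debian-style systems.
TRUSTED_SYSTEMD = {"/lib/systemd/systemd", "/usr/lib/systemd/systemd"}

def read_proc(root="/proc"):
    """Yield (pid, comm, exe) for live processes; exe is None if unreadable."""
    for entry in os.listdir(root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(root, entry, "comm")) as f:
                comm = f.read().strip()
        except OSError:
            continue  # process exited while we were scanning
        try:
            exe = os.readlink(os.path.join(root, entry, "exe"))
        except OSError:
            exe = None  # kernel thread, or not permitted to read the link
        yield int(entry), comm, exe

def find_masquerades(procs, trusted=TRUSTED_SYSTEMD):
    """Return (pid, path, reason) for processes named systemd that are not the real binary."""
    hits = []
    for pid, comm, exe in procs:
        # Strip the suffix the kernel appends when the file was replaced on disk.
        path = exe[:-len(" (deleted)")] if exe and exe.endswith(" (deleted)") else exe
        claims = comm == "systemd" or (path is not None and os.path.basename(path) == "systemd")
        if not claims:
            continue
        if path is None:
            hits.append((pid, None, "unverified: executable path unreadable"))
        elif path not in trusted:
            hits.append((pid, path, "systemd name outside trusted paths"))
    return hits

# Constructed sample rows: (pid, process name, executable path).
SAMPLE = [
    (1, "systemd", "/usr/lib/systemd/systemd"),       # init
    (812, "systemd", "/lib/systemd/systemd"),         # per-user instance
    (4410, "systemd", "/snap/example-game/1/systemd"),  # hypothetical snap payload
    (4522, "bash", "/usr/bin/bash"),
    (977, "systemd", None),                           # path hidden from this user
]

if __name__ == "__main__":
    procs = list(read_proc()) if os.path.isdir("/proc/self") else SAMPLE
    for pid, path, reason in find_masquerades(procs):
        print(pid, path, reason)
```

Run it as root on a live system so that executable paths of other users' processes are readable; otherwise legitimate instances show up as unverified.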
The Ubuntu Snap Store is not the only store that’s been affected by crypto-centric malware. In the past, the Google Play Store, the Chrome Web Store, and the Apple App Store have all seen their share of malicious crypto-based ploys. It’s a trend that’s here to stay unless better preventative measures can be developed.