Tarwirdur, a GitHub user, recently flagged cryptocurrency-mining malware hiding in Ubuntu apps. The affected apps, named Hextris and 2048buntu, were found in the Ubuntu Snap Store, the app store for a newly introduced package management system. The Bytecoin miner script was hiding in the “systemd” background process.
The snap packages were uploaded under a proprietary license by a user going by the name of Nicolas Tomb. After the incident, Canonical hastily removed all packages submitted by the user, and an investigation has been launched to look further into the issue.
The apps in question had an “init script” that loaded the code automatically in the background every time the system started. A hardcoded email address “[email protected]” (a poor attempt at owning a Ferrari!) in the script indicates that a noob added the malware.
The script was not harmful to the system's security, as it was found incapable of harvesting your personal data or injecting code. However, the cryptocurrency mining initiated by the code can hinder the performance of your PC and shoot up your electricity bills.
Because Ubuntu lacks any means to track the number of app installs, it is not certain how many users are affected by the malicious script.
This incident should not come as a surprise, as the Ubuntu Snap Store lacks a mechanism to check uploaded Snaps and, moreover, the code is not available for testing in the case of proprietary software.
With this incident, Ubuntu’s Snap app packaging system has suffered its first setback in terms of security.