Canonical cracks down on crypto cons following Snap Store scam spree

After multiple waves of cryptocurrency credential-stealing apps were uploaded to the Snap store, Canonical is changing its policies.

In what's expected to be a temporary measure, an announcement on the Snapcraft Discourse says that the Ubuntu vendor will switch to manual review of all new snap name registrations. The post from Holly Hall says:

Former Ubuntu staffer Alan "Popey" Pope has detailed some of this wave of scammy apps. Firstly, a fake "Exodus" wallet app caused one user to lose nine Bitcoins – currently worth roughly $490,000. This scam app from movementexod was masquerading as the real Exodus wallet from Exodus Movement – a company that already offers native Debian packages alongside its Windows and Mac versions.

A few days later, Popey published a follow-up post including the response of Canonical founder and "self-appointed benevolent dictator for life" Mark Shuttleworth. You can read the discussions of the problem on the Snapcraft forums. (If you are inclined to join in, note that the Snapcraft Discourse instance has its own membership system, separate from the official Ubuntu instance.)

The saga did not end there. This month, he detailed ten more fake wallets that appeared on the Snap Store, from an account called digisafe00000. When these were removed, the next day, replacements reappeared from a new account called codeshield0x0000. Popey also did some digging into how they work. Worse still, these fake wallets aren't the only ones – he has a Mastodon thread detailing others.

Part of the problem is that these apps look legitimate to casual inspection because the Snap Store badges them as "safe." Unfortunately, that just means the apps are strictly confined in a sandbox, but for the scammers' purposes, that doesn't matter. The apps look like the real thing and use simple social engineering to extract users' credentials, which they then use to siphon off the victim's funds. But the apps can't touch your system, so by Snap confinement rules, they're "safe."

This sort of problem is nothing new, and was satirized by Xkcd over a decade ago. The moves also parallel recent changes at Flathub. This isn't the first time that Canonical has faced problems with cryptocurrency apps in the Snap Store either.

The Reg FOSS desk takes an extremely jaundiced view of this. For us, all cryptocurrencies and associated apps of any form are scams, with no exceptions, as are all forms of non-fungible token trading and absolutely anything to do with "Web 3." The main practical use case for this pretend internet money is for criminals to extort ransomware victims and other hapless sorts. If you retain any doubt about this whatsoever, we recommend reading the excellent Attack of the 50 Foot Blockchain. If one maintains this attitude, it provides complete and reliable protection from all wallet scams.

In other news

It's not all bad news in Ubuntopia, though. The next LTS release, 24.04 "Noble Numbat," has not quite reached beta stage yet, although you can look at its wallpapers if you like. The release of "Noble" will mark a full decade since the release of Ubuntu 14.04 "Trusty Tahr." That in turn meant that "Trusty" was about to hit the end of the ten years of patches you get with Ubuntu Pro's Expanded Security Maintenance.

However, Canonical just announced an extension of that ten years to 12, meaning that Pro customers get another two years of critical security updates for "Trusty." As we reported in late 2022, Ubuntu Pro is free for up to five machines now – so you can keep a few essential "Trusty" instances going for a little longer, if you absolutely must. ®