report of confusion of "snap" applications by creators of malicious software

wendy-lebaron (Well-Known Member, joined May 3, 2023):
This is horrible. It was up to Canonical Ltd. to work hard to make "snap" as secure as possible, so people don't find something bad to talk about them, wanting to compare to Flatpak.

What if Ubuntu 26.04 LTS "Resolute Raccoon" enforces "snaps" more than ever, and Linux Mint's developers aren't allowed that time to remove the support? Better hope the "snap" support could still be removed even in the near future. Otherwise, well, I understand why Canonical does the things they do. "If you don't like it, get away and cause your own envy!"

Trying to give proper credit here.


 


This isn't really new; it's just now on a new platform. Malicious users have tried (and succeeded) in getting malware into the various repos used by the major distros. It's something that people are going to try for as long as we have repositories and crappy people. The finding and use of expired domains isn't even new.

I'm not sure that there's a 100% viable solution other than manually inspecting every package that goes into our repositories.

That's going to need people who understand code at a very high level. It's also going to take time. Given the vast lines of code this would include, I'm not sure that it's even possible.
 
> This isn't really new; it's just now on a new platform. Malicious users have tried (and succeeded) in getting malware into the various repos used by the major distros. It's something that people are going to try for as long as we have repositories and crappy people. The finding and use of expired domains isn't even new.
>
> I'm not sure that there's a 100% viable solution other than manually inspecting every package that goes into our repositories.
>
> That's going to need people who understand code at a very high level. It's also going to take time. Given the vast lines of code this would include, I'm not sure that it's even possible.

Would an AI agent be able to read the code and detect malicious users?
 
One of the reasons I don't trust snaps.
 
> Would an AI agent be able to read the code and detect malicious users?

In theory, yes. It'd still warrant human intervention. We don't have enough human volunteers (with the required skills) to do that.

This has happened with pretty much every repo out there. If this means you shouldn't trust X, then it should likely mean that you shouldn't trust Y. Not only has this happened in the past, in one form or another, but it'll also happen again.

The volume of code is so high that it simply can't all be audited. The complexity of the code really limits the pool of people capable of doing an audit. This isn't limited to just Linux. They've found malware in Apple's App Store and Google Play, for example.
 
> That's going to need people who understand code at a very high level. It's also going to take time. Given the vast lines of code this would include, I'm not sure that it's even possible.

The Mint repository is a mess. We have been used to great convenience there... and now it comes with a possible cost... and the 'cost' may well be the destruction of our OS.
I note that since the upgrade from Mint 22.2 to 22.3 the repository now contains a great increase in the number of Flatpaks... and this despite the warning on the Preferences page:

[screenshot of the Preferences page warning]

... which is patent BS. Exactly how is this enormous number of Flatpaks verified?
There is a serious lack of System Packages... the entire Software Manager is filled with Flatpaks.
I don't feel that there is no way to audit the present system-package software in there. It can be done. Give it to Elon Musk, he'll have it done in a hot minute. (lol)
I do feel that the motivating factor is the hierarchy's obsession with Flatpaks... did someone mention money?
 
IMHO AppImage and Snap increase the attack surface. ESPECIALLY when they are widely used as is the case here.

Sure it could come in 'handy' and is cool or whatever but essentially it isn't necessary. This is not a good thing.

Here's another take: many folks are switching from Windooz to Linux, and I'll bet you my last dime that we will see more of these shenanigans in the future as more and more people start to use Linux.
Now I'm sure the devs will tackle vulnerabilities quickly, but still I do believe the most popular distros in the future will get more vulnerable to malware, especially when 'containerized' applications are on the rise.
 
> did someone mention money?

I'd not immediately guess that there was a direct financial motive. Instead, I'd suspect that it's an 'efficiency' thing (read, laziness). It doesn't seem like there's any money behind the whole flatpak thing. But, it seems like it'd be easier to just use them instead of maintaining applications in a repository under your own control.
 
It is said of Windows users that they are so 'babied' by the processes in place that they are effectively dissuaded from moving to anything else.
It would be a tragedy to see the same effect rear its ugly head in the Linuxsphere.

(MSFT made a silly mistake by hitting their users in their hip pocket... but that is another story for another thread.)
 
> The Mint repository is a mess. We have been used to great convenience there... and now it comes with a possible cost... and the 'cost' may well be the destruction of our OS.
> I note that since the upgrade from Mint 22.2 to 22.3 the repository now contains a great increase in the number of Flatpaks... and this despite the warning on the Preferences page:
> ... which is patent BS. Exactly how is this enormous number of Flatpaks verified?
> There is a serious lack of System Packages... the entire Software Manager is filled with Flatpaks.
> I don't feel that there is no way to audit the present system-package software in there. It can be done. Give it to Elon Musk, he'll have it done in a hot minute. (lol)
> I do feel that the motivating factor is the hierarchy's obsession with Flatpaks... did someone mention money?

Well said.
 
> IMHO AppImage and Snap increase the attack surface. ESPECIALLY when they are widely used as is the case here.
>
> Sure it could come in 'handy' and is cool or whatever but essentially it isn't necessary. This is not a good thing.
>
> Here's another take: many folks are switching from Windooz to Linux and I'll bet you my last dime that we will see more of these shenanigans in the future as more and more people start to use Linux.
> Now I'm sure the devs will tackle vulnerabilities quickly but still I do believe the most popular distros in the future will get more vulnerable to malware especially when 'containerized' applications are on the rise.

Why do containerised applications increase the threat? (Just learning.) I was looking at the Fedora distro and then a home lab. Thanks in advance.
 
Because these applications come with so many files and directories which makes it easier to hide anything malicious.
And so many are created at the moment that it is very very hard to verify them all beforehand. If at all.
 
> Because these applications come with so many files and directories which makes it easier to hide anything malicious.
> And so many are created at the moment that it is very very hard to verify them all beforehand. If at all.

You're right, but it's difficult to do anything about it, because the "average" application might be written in different programming languages, compelled to use different components. One thing must run Python, another uses Lua to make it easier for a gamer to customize, still another uses shell script, yet another thing has to execute one line of JavaScript, and so forth.

Then have only one file that is the application. What if it's 200 MiB or much larger? Think about the people who have very slow internet, with very limited mobile data plans. What if it has to be upgraded regularly, as must be done on Android?

Welp, if I don't like it, I will have to become a caveman, avoiding starving and freezing to death, or one of those things.

Because of "too many files," I'm not going to stop using AppImages. I might have to stop downloading new ones though, because they could be joke programs, because one of them is a program that just sucks.

It's funny that in some systems Flatpaks are being forced upon people, with their stubborn resistance. What will happen when there is no way to avoid the snaps? Will those two go into a power struggle? Will it happen only on Ubuntu and whatever is directly based on it?

I'll tell you what is worse than "too many files": using any web browser. But it can't be helped; there's a lot of black magic in there. "Some of us, for our very internet survival, to go online usefully, must have a web browser, period." I don't know who said that; credit whoever was quoted with it. Just now I upgraded the Vivaldi browser for the first time in about two months. Had to do it; need to go into a couple of sites that don't function properly on Firefox ESR. This includes a file-sharing place.
 
I'm a consultant software engineer, and we've recently used AI behind the scenes to create a piece of proprietary software that analyses (triages) large systems with a bunch of code amongst several apps, on some platforms, maybe with some databases, and works out what it does and how it works. This is presented to the user in varying degrees of granularity and in a variety of different formats, anything from an accountant's English, to that understood by a Business Analyst, to UML or some other entity diagrams understood by the local DBA. It uses a local LLM; we are using it to look at air-gapped systems too. It takes about a minute to do the discovery and run the results. We used it recently with a multinational insurance company to tell them what their z/OS mainframe that runs COBOL actually does (the last person who understood it left 6 years ago). We're just about to do the same at a bank. It'd be relatively straightforward to create a pipeline using something like this technique to detect malicious code; it could be used side by side with the classic heuristic approach.