2048buntu

An attentive Ubuntu user today spotted a cryptocurrency miner hidden in the source code of an Ubuntu snap package hosted on the official Ubuntu Snap Store.

The app's name is 2048buntu, a clone of the popular 2048 game, packaged as an Ubuntu snap, a relatively new app format for Ubuntu OS.

According to a GitHub user named Tarwirdur, the app contained a cryptocurrency mining application disguised as the "systemd" daemon, along with an init script that provided boot persistence.

The code mined the Bytecoin (BCN) cryptocurrency for a user account with the email address "myfirstferrari@protonmail.com."
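The disguise described above, a miner running under the name "systemd" from inside a snap, can be checked for by comparing each process's name against the path of its executable. The following Python check is an added example, not code from the report or the Snap Store; the trusted paths, snap mount roots and sample records are assumptions constructed for illustration.

```python
import os

# Where the genuine systemd binary lives on Ubuntu (assumption; adjust per distro).
TRUSTED_SYSTEMD = {"/lib/systemd/systemd", "/usr/lib/systemd/systemd"}
# Directories where snap contents are mounted (assumption).
SNAP_ROOTS = ("/snap/", "/var/lib/snapd/snap/")

# Constructed sample records; the snap name and paths are placeholders.
SAMPLE = [
    {"pid": 1, "comm": "systemd", "exe": "/usr/lib/systemd/systemd"},
    {"pid": 812, "comm": "systemd-journal", "exe": "/usr/lib/systemd/systemd-journald"},
    {"pid": 2301, "comm": "systemd", "exe": "/snap/example-game/1/bin/systemd"},
    {"pid": 2400, "comm": "gnome-shell", "exe": "/usr/bin/gnome-shell"},
]

def classify(proc):
    """Return a reason if the process poses as systemd from the wrong path."""
    exe = proc["exe"]
    if exe.endswith(" (deleted)"):  # kernel marker for a replaced binary
        exe = exe[: -len(" (deleted)")]
    poses = proc["comm"] == "systemd" or os.path.basename(exe) == "systemd"
    if not poses or exe in TRUSTED_SYSTEMD:
        return None
    if exe.startswith(SNAP_ROOTS):
        return "runs from a snap mount"
    return "unexpected path"

def find_impostors(procs):
    """Return (pid, exe, reason) for every process flagged by classify()."""
    flagged = []
    for proc in procs:
        reason = classify(proc)
        if reason:
            flagged.append((proc["pid"], proc["exe"], reason))
    return flagged

def live_processes():
    """Yield name and executable path for each readable process under /proc."""
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as handle:
                comm = handle.read().strip()
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:  # kernel thread, exited process, or no permission
            continue
        yield {"pid": int(pid), "comm": comm, "exe": exe}

if __name__ == "__main__":
    source = live_processes() if os.path.isdir("/proc") else SAMPLE
    for pid, exe, reason in find_impostors(source):
        print(f"pid {pid}: {exe} ({reason})")
```

Run it as root to see every process; without root, processes owned by other users are skipped because their `exe` link cannot be read.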

Following the report, the Ubuntu Snap Store team removed the app, along with the app developer's other snap packages "pending further investigations."

The Ubuntu Snap Store does not provide an install count, so the number of affected users is unknown.

Anyone can create and submit a snap package to the Ubuntu Snap Store. Submitted snaps do not go through a security check similar to the one applied to apps submitted to the iOS App Store and Google Play Store.

With this incident, the Ubuntu Snap Store takes its place in the pantheon of app stores that have suffered malware infections, right next to the Chrome Web Store, the Google Play Store, the Apple App Store, and the Windows Store.
