Canonical's Snap Store Hit By Malicious Apps

Written by Michael Larabel in Ubuntu on 30 September 2023 at 12:35 PM EDT.
Stemming from reports of several fake crypto apps appearing in Canonical's Snap Store that aimed to steal user funds, temporary restrictions have been put in place while Canonical investigates the security matter.

After Snap users reported several recently published Snaps as potentially malicious and aimed at stealing users' crypto funds, the Snap Store removed the reported Snaps. A temporary manual review requirement has also been put in place for new Snap registrations. This manual review is intended to stop bad actors from registering the names of legitimate applications (or at least legitimate-sounding names) and using them as an avenue for pushing malicious Snaps to users.
"If you try to register a new snap while the requirement is active, you will be prompted to “request reserved name”. Upon a successful manual review from the Snap Store staff, the name will be registered. Uploading and releasing revisions for existing snaps will not be affected.

We apologize for any inconvenience this may cause our snap publishers and developers. However, we believe it is the most prudent action at this moment.

We want to thoroughly investigate this incident without introducing any noise into the system, and more importantly, we want to make sure our users have a safe and trusted experience with the Snap Store.

Please bear with us while we conduct our investigation. We will provide a more detailed update in the coming days."

More details on this incident via the Snapcraft forums.