Api.snapcraft.io added to block-list

Good morning,

If you wonder why you can’t contact api.snapcraft.io, it may be because it has been added to one or more block-lists:

$ curl -sL 'https://v.firebog.net/hosts/RPiList-Phishing.txt' | 
  grep -ni api.snapcraft.io 

122171:||api.snapcraft.io^

Best regards

Daniel
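The check from the post above, as an added example that is not part of the original post: `grep` matches substrings and treats each dot as a wildcard, so this sketch parses whole rules instead and reports only those that cover the domain. The function name `blocklist_hits` and the sample list are constructed for illustration, and it assumes Adblock-style `||domain^` rules also cover subdomains.

```sh
# Constructed sample list (not taken from any real block-list).
SAMPLE_LIST='! Title: constructed sample
||login.example.invalid^
||api.snapcraft.io^
||notapi.snapcraft.io.example.invalid^
0.0.0.0 tracker.example.invalid'

# blocklist_hits DOMAIN < list
# Prints "lineno:rule" for each rule that covers DOMAIN; exit status 1 if none.
# Understands ||domain^ rules, hosts-file lines and plain one-domain lines.
blocklist_hits() {
  awk -v target="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    {
      line = tolower($0)
      sub(/\r$/, "", line)
      if (line ~ /^[ \t]*(#|!|\[)/) next        # comment or header line
      sub(/[ \t]+#.*$/, "", line)               # trailing hosts-file comment
      gsub(/^[ \t]+|[ \t]+$/, "", line)
      adblock = 0; dom = ""
      if (line ~ /^\|\|[a-z0-9._-]+\^/) {       # ||domain^ (options ignored)
        dom = line; sub(/^\|\|/, "", dom); sub(/\^.*$/, "", dom); adblock = 1
      } else {
        n = split(line, f, /[ \t]+/)
        if (n == 2 && f[1] ~ /^(0\.0\.0\.0|127\.0\.0\.1|::1?)$/) dom = f[2]
        else if (n == 1 && f[1] ~ /^[a-z0-9._-]+$/) dom = f[1]
      }
      if (dom == "") next
      suffix = "." dom
      covers = (dom == target)
      # Assumption: an Adblock-style rule for a parent domain covers subdomains.
      if (adblock && length(target) > length(suffix) &&
          substr(target, length(target) - length(suffix) + 1) == suffix)
        covers = 1
      if (covers) { print NR ":" $0; found = 1 }
    }
    END { exit(found ? 0 : 1) }
  '
}

# Demo on the constructed list; line 4 is a look-alike that grep would also hit.
printf '%s\n' "$SAMPLE_LIST" | blocklist_hits api.snapcraft.io
```

Against a downloaded list, pipe the `curl -sL` output from the post into `blocklist_hits api.snapcraft.io` in place of `grep`.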

Engaged with the maintainer of the list to understand what we should do about this. Waiting.

1 Like

(Also, thanks @DWD for the heads up!)

1 Like

I expect the problem is due to the malware in the store. Report of fake crypto wallet (Exodus) snap(s) - #8 by Ares_ekb

The large list provided by @Ares_ekb has been there for 26 days but there does not seem to have been any publicly visible response or action. I’ve checked every few days since I saw the post.

The snaps are all available for download/installation.

It’s both disappointing and worrying that the disclosure was made but there was no acknowledgement or action taken, even after this caused significant financial loss for someone. The lack of communication and action has happened before, I think more than once. Financial loss due to malware being distributed by the store has also happened in the past and led to policy review and a period of heightened scrutiny of snap registration.

Unfortunately, and sadly, this history and current situation make it very challenging to advocate for snaps and the snap store, and to defend them.

2 Likes

Hi,

First of all, thank you for bringing this to our attention and apologies for the delayed response.

We’ve now fully processed the reported malicious snaps and have removed them from the Store. We’ve also taken additional steps to review our monitoring processes and to ensure that similar reports are caught and addressed much sooner in the future.

Regarding the concerns about our publishing process, we recognize the points made in the original post. Over the past year, we’ve been actively tightening [1] our publishing and review policies [2], which in many cases includes manually reviewing the registration requests, to reduce the likelihood of problematic content appearing. While this has already helped lower the number of cases, it’s an ongoing effort and we know there’s more to do.

Thanks,

The Snap Store team

[1] Manual review of all new snap name registrations

[2] Policy - Restricting sensitive snap categories to trusted publishers

3 Likes