The https://snapcraft.io/ledgerlive app is a phishing app disguising as the official app for https://www.ledger.com/
The way it works is that it queries you for your backup code (a list of words). In a dumb lapse of judgement I was scammed by this app and lost a substantial amount of money.
What worries me more is that my computer/passwords/files could be compromised. But if I understand it correctly, snaps are isolated somehow? Could it have read my filesystem?
What do you recommend I do?
Just uninstall the snap. Snaps don’t have access to your root files and hidden files in home folder.
Thanks! That means it could have read non-hidden files in the home directory?
The snap connections ledgerlive command should list all interfaces this snap uses, depending on which are connected it can read files or access system resources
Thanks a lot!
It seems like it could have read my home folder and Desktop. I think it’s unlikely that they stole anything else, they were clearly after the cryptocurrency, but it’s good to be aware.
Do you BTW have any evidence that it is actually attempting any phishing ? (Apart from the behavior you described I mean)
The cryptocurrency was transferred out of my Wallet against my will to an unknown address.
We’ve removed that publisher’s apps from the Store.
Have you been able to find out how it was done and how such a thing could have been missed?
This case reminded me of another case, unauthorized mining.
I’d like to be sure that there will be much less of this sort of thing, since no one but Canonical has the ability to see what is actually on the other side of the website.
Our teams are responding and investigating in depth now. We are also working on how to prevent this in the future.
