Report of fake crypto wallet (Exodus) snap(s)

alexmurray · November 1, 2025, 11:08am

@store team can you please investigate and act on possible fake Exodus wallet snap(a) in the store? https://www.reddit.com/r/Ubuntu/s/fLZMQMbT3O

Can these please be quarantined immediately to protect against any other users inadvertently downloading them?

Thanks

Yasirel · November 1, 2025, 2:34pm

I think the Snap has already been deleted. It would be a good idea to introduce a warning message for more careless users. For exaple: “This Snap is not verified. Don’t share personal data unless you are sure of its source”.

Ares_ekb · November 1, 2025, 4:10pm

Yes, it was blocked recently Malicious apps on the store

Also it was removed yesterday and today. And now it’s published again

Ares_ekb · November 1, 2025, 9:42pm

I think I’ve already sent 5 reports, but they keep publishing a new copy of this application again and again

Lin-Buo-Ren · November 2, 2025, 5:20am

It is essentially a whack-a-mole now:

Screenshot of Homoglyph attack of the now inaccessible likely-to-be malicious snap

Evil actors are using multiple techniques to evade abuse detection, which is unfortunately not easy to be dealt with:

Response from Gemini LLM:

Is this string wierd? “Exodսꜱ”

That string, “Exodսꜱ,” definitely looks a little weird!

It’s an example of a homoglyph attack or IDN homograph attack, where one or more letters are replaced with similar-looking characters from a different alphabet (like Cyrillic, Greek, or another Unicode block).

Here’s the breakdown of the characters in the string:

E, x, o, d: These are standard Latin alphabet letters.

ս: This is the Armenian Small Letter Youn (U+057D). It looks almost identical to the Latin lowercase ‘u’.

ꜱ: This is the Latin Letter Small Capital S (U+A731). It looks very similar to the standard lowercase ‘s’, but it’s a small-cap letter.

The intent is often to make the word look like “Exodus” while using entirely different characters, which can be used for deceptive purposes in URLs, usernames, or other security contexts.

Ares_ekb · November 2, 2025, 5:44am

It’s published again with a bit different name. But anyways it’s easily found in App Center by plain ASCII “exodus” query. Maybe because this word is used in the description. Probably mix of different alphabets should be prohibitied? Or at least it should be marked and verified by human?

In general, I think it’s not a problem but an interesting case and great opportunity to make the repository safe. It would be really huge competitive advantage if Snap was malware-free! I’ve lost all my money by that malware and I just want that it was not in vain, that it will help others.

Ares_ekb · November 5, 2025, 7:15pm

It’s published again with a different name and description Install IdeaFlow Generator on Linux | Snap Store

Ares_ekb · November 6, 2025, 1:56pm

I’ve found dozens of fake crypto wallets:

https://snapcraft.io/alert-publish
https://snapcraft.io/assist-folder2
https://snapcraft.io/bolt
https://snapcraft.io/cacheimport4689
https://snapcraft.io/calendar47
https://snapcraft.io/g38v06ehjyr-4m
https://snapcraft.io/i-c6i16a1yc1a
https://snapcraft.io/index-transform
https://snapcraft.io/jfo8h0e6of8a-o
https://snapcraft.io/litesync
https://snapcraft.io/load
https://snapcraft.io/lyq6rhv3ck
https://snapcraft.io/managerecordsync
https://snapcraft.io/media-demo1
https://snapcraft.io/meet
https://snapcraft.io/monitorcheck
https://snapcraft.io/newsboxgateway
https://snapcraft.io/notify-smart
https://snapcraft.io/option
https://snapcraft.io/playfastrender
https://snapcraft.io/protect-hash-video624
https://snapcraft.io/publish538
https://snapcraft.io/qttyugum712i5e
https://snapcraft.io/quizsmartconvert
https://snapcraft.io/release-transfer-db
https://snapcraft.io/safelocation842
https://snapcraft.io/safemake9
https://snapcraft.io/savenano
https://snapcraft.io/secure
https://snapcraft.io/sensor
https://snapcraft.io/shop7013
https://snapcraft.io/show1681
https://snapcraft.io/smartreceiptmerge
https://snapcraft.io/spark-reader
https://snapcraft.io/store-combine
https://snapcraft.io/supportmediaimport
https://snapcraft.io/taskdbpdf
https://snapcraft.io/text-kit-post
https://snapcraft.io/tracker-desk71
https://snapcraft.io/w5ggkk5b6vw-c
https://snapcraft.io/widget-field
https://snapcraft.io/wjv658j0iob
https://snapcraft.io/wllt1r0gla22
https://snapcraft.io/work-game-travel
https://snapcraft.io/zmiq-0lk-g4kmu

Most of them don’t work anymore, because the remote server collecting secret codes is unavailable

Lin-Buo-Ren · November 16, 2025, 7:37am

Please file a new post and tag the @store staffs so that they could be properly tracked internally, thanks!