I think the Snap has already been deleted. It would be a good idea to introduce a warning message for more careless users. For example: “This Snap is not verified. Don’t share personal data unless you are sure of its source”.
Evil actors are using multiple techniques to evade abuse detection, which is unfortunately not easy to be dealt with:
Response from Gemini LLM:
Is this string weird? “Exodւꜱ”
That string, “Exodւꜱ,” definitely looks a little weird!
It’s an example of a homoglyph attack or IDN homograph attack, where one or more letters are replaced with similar-looking characters from a different alphabet (like Cyrillic, Greek, or another Unicode block).
Here’s the breakdown of the characters in the string:
E, x, o, d: These are standard Latin alphabet letters.
ւ: This is the Armenian Small Letter Youn (U+057D). It looks almost identical to the Latin lowercase “u”.
ꜱ: This is the Latin Letter Small Capital S (U+A731). It looks very similar to the standard lowercase “s”, but it’s a small-cap letter.
The intent is often to make the word look like “Exodus” while using entirely different characters, which can be used for deceptive purposes in URLs, usernames, or other security contexts.
It’s published again with a bit different name. But anyway it’s easily found in App Center by a plain ASCII “exodus” query. Maybe because this word is used in the description. Probably a mix of different alphabets should be prohibited? Or at least it should be marked and verified by a human?
In general, I think it’s not a problem but an interesting case and a great opportunity to make the repository safe. It would be a really huge competitive advantage if Snap was malware-free! I’ve lost all my money to that malware and I just want it to not have been in vain, that it will help others.
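The character breakdown above can be turned into an automated pre-publication check. The following is an added example, not part of the original thread and not the Snap Store's own tooling: it flags names that mix scripts and names whose "skeleton" (after normalisation and a confusable-to-ASCII mapping) collides with a protected name such as `exodus`. The confusables table is a small hand-built subset (the full list is Unicode's confusables.txt), and the per-character "script" is approximated from the first word of the Unicode character name rather than the real Script property; both are assumptions made for the example.

```python
import unicodedata

# Assumption: a hand-built subset of Unicode confusables mapped to the ASCII
# letter they imitate. A real deployment would load the full confusables.txt.
CONFUSABLES = {
    "\u057d": "u",  # ARMENIAN SMALL LETTER YIWN (the "u" in the reported name)
    "\ua731": "s",  # LATIN LETTER SMALL CAPITAL S (the "s" in the reported name)
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
}

# Constructed sample: names a store might receive, plus the names they could impersonate.
PROTECTED_NAMES = ["exodus", "electrum", "metamask"]
SAMPLE_NAMES = ["exodus", "Exod\u057d\ua731", "ex\u043edus", "exodus-wallet", "electrum"]


def script_of(ch):
    """Approximate script of a letter from the first word of its Unicode name.

    Assumption: this stands in for the Unicode Script property, which the
    standard library does not expose. Non-letters return None.
    """
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def scripts_in(s):
    """Set of scripts used by the letters of s."""
    return {sc for sc in (script_of(c) for c in s) if sc}


def is_mixed_script(s):
    """True if the letters of s come from more than one script."""
    return len(scripts_in(s)) > 1


def skeleton(s):
    """Normalise (NFKC, lowercase) and fold known confusables to ASCII."""
    return "".join(CONFUSABLES.get(c, c) for c in unicodedata.normalize("NFKC", s).lower())


def describe(s):
    """Per-character (char, code point, name) breakdown, like the one in the thread."""
    return [(c, "U+%04X" % ord(c), unicodedata.name(c, "?")) for c in s]


def check_name(candidate, protected=PROTECTED_NAMES):
    """Classify a candidate name.

    reject  : mixes scripts (no legitimate store name needs Armenian + Latin)
    review  : single script, but its skeleton collides with a protected name
    allow   : otherwise
    """
    sk = skeleton(candidate)
    collisions = [p for p in protected if skeleton(p) == sk and p != candidate.lower()]
    if is_mixed_script(candidate):
        verdict = "reject"
    elif collisions:
        verdict = "review"
    else:
        verdict = "allow"
    return {
        "name": candidate,
        "verdict": verdict,
        "scripts": sorted(scripts_in(candidate)),
        "skeleton": sk,
        "collides_with": collisions,
    }


def check_all(names=SAMPLE_NAMES, protected=PROTECTED_NAMES):
    """Run the check over a batch and return {name: verdict}."""
    return {n: check_name(n, protected)["verdict"] for n in names}


if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        r = check_name(n)
        print(r["verdict"], repr(n), r["scripts"], r["skeleton"], r["collides_with"])
        if r["verdict"] != "allow":
            for ch, cp, nm in describe(n):
                print("   ", ch, cp, nm)
```

The two-tier outcome matches the thread's suggestion: a mixed-script name is rejected outright, while a single-script lookalike (here a Cyrillic-only "ехоdus"-style name would still be mixed, but a plain ASCII near-duplicate is not) goes to a human. Note that `exodus-wallet` passes the skeleton test because its skeleton differs; catching that class needs a fuzzy match (edit distance, prefix rules) on top of this check.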
First of all, thank you for bringing this to our attention and apologies for the delayed response.
We’ve now fully processed the reported malicious snaps and have removed them from the Store. We’ve also taken additional steps to review our monitoring processes and to ensure that similar reports are caught and addressed much sooner in the future.
Regarding the concerns about our publishing process; we recognize the points made in the original post. Over the past year, we’ve been actively tightening [1] our publishing and review policies [2], which in many cases includes manually reviewing the registration requests, to reduce the likelihood of problematic content appearing. While this has already helped lower the number of cases, it’s an ongoing effort and we know there’s more to do.
We weren’t monitoring this channel as closely as others, which contributed to the late response, but we’ve adjusted that now so similar reports won’t be overlooked. In addition, we’re not introducing formal SLAs at this point, but improving responsiveness remains a priority. We’re definitely continuing to strengthen our publishing and review processes, and that work is ongoing.
I’m afraid this will just keep on going. Could we consider a policy of disallowing publishing of crypto wallet applications unless the publisher has been verified?
Isn’t that process already in place? As I understand it the problem here are the “impostors” … i.e. packages that pretend to be something else and then ship crypto phishing bits inside …
Clearly the current policy appears to be ineffective. Maybe for once there’s actually something useful that could be done with LLMs here. If Gemini is able to find an issue then maybe that’s how we could approach that. I would not mind if more apps end up needing manual review, but it’s better to have more false positives for the is-a-crypto-scam-wallet-app check than make them available to the user.
Suggestion: make a Security category specifically for the reporting and discussion of malware found in the Store? That way, any interested parties can subscribe to it, including policy-reviews et al.
We’re considering options like that. We realised that reports of this kind were appearing in this category, so we’ve begun monitoring it more closely. Our hope is that quicker responses here will encourage more reports, and if the volume grows, it may make sense to create a dedicated category for these cases.
We understand the concern, but it’s worth noting that our current checks already filter out a significant amount of malicious or non-compliant content before it ever reaches the store. There’s still work to be done so we’re always looking for ways to improve the system, but like Lin-Buo-Ren mentioned - it’s whack-a-mole.