Malicious Programs Found in the Ubuntu Snap Store
Multiple applications bundled with mining programs have been discovered in the Ubuntu Snap Store, all uploaded by the same user. The Ubuntu Snap Store does not have an audit mechanism: anyone can upload snap-packaged apps, which creates opportunities for malicious programs. The applications found to bundle the mining program were 2048buntu and Hextris, uploaded by user Nicolas Tomb. All packages uploaded by this user were removed for further investigation.
Of these, 2048buntu is a fork of the open source application 2048, and it was submitted to the application store as proprietary software. The MIT license used by 2048 allows distribution as proprietary software; it is only necessary to retain the copyright notices, but it is unclear whether 2048buntu retains them.