Canonical removes two snap applications for containing malware

Snap is a new package format created by Canonical to simplify the development and implementation of software for Linux. It is a self-contained package format, with all its dependencies included and that works in isolation from the rest of the system, something that should also help improve security. Unfortunately, nothing is completely safe, Canonical has had to withdraw two Snap applications for containing malware.

Snap's security is in question again

The Snap packages were released with Ubuntu 16.04 LTS in 2016, since then they have reached other Linux distributions and now even Spotify is being distributed through this format. In addition to making it easier for developers to distribute their applications across many Linux distributions without having to create a package for each, Snaps is also expected to be more secure than applications installed through other packaging systems. The latter is because each Snap is isolated from the system and cannot interfere with it or with other Snaps.

We recommend you read our post on Know the Ubuntu Snap packages and their advantages

Unfortunately, this has not stopped the malware from reaching the Ubuntu Snap store. According to Github user 'tarwirdur', last Friday two applications that had been available in the store since the end of April contained an encryption miner, ByteCoin, disguised as the "systemd" daemon and a script to auto-load them when starting the system..

After this came to light, Canonical removed all of this author's apps from the Ubuntu store, pending further investigation. These packages are currently only handled for installation issues among Linux distributions that support the packaging system, without any evidence of malware or suspicious activity.

Omgubuntu font