Re: [PLUG] Linux Users Targeted as Crypto-stealing Malware Hits Snap Packages

[Walt Mankowski via plug <plug@lists.phillylinux.org>]

On Fri, Feb 06, 2026 at 11:29:30PM -0500, Steve Litt via plug wrote:
> 
> On Thu, 29 Jan 2026 08:29:07 -0500
> jeffv via plug <plug@lists.phillylinux.org> wrote:
> 
> > Linux Users Targeted as Crypto-stealing Malware Hits Snap Packages
> > 
> > https://linuxsecurity.com/news/hackscracks/crypto-stealing-malware-hits-snap-packages
> > 
> > Several crypto-stealing campaigns are using Snap packages to land 
> > quietly on Ubuntu Linux systems. No exploit chains. No privilege 
> > escalation. Just software that looked legitimate enough to install,
> > then stayed resident long enough to make money. For attackers focused
> > on cryptomining, that’s ideal. CPU is consumed slowly, the system
> > keeps working, and nothing obviously breaks.
> 
> VITAL INFORMATION: The article's title, and indeed the subject line of
> this email, are misleading. Nowhere does this article say these
> programs are stealing crypto-currency you're keeping on your computer.
> They're just using your computer, and those of millions others, to mine
> for yet undiscovered crypto prime pairs.

I just reread it and you're absolutely right. The headline talks about
one sort of malware, and the article talks about completely different
kids. Neither is great, of course, but having an app you install from
snap steal your crypto wallet credentials seems a lot worse.

It's hard to tell what actually happened, since the only link I could
find in the article is to a 2024 exploit. I looked for some other
headlines from around that time and didn't find much else.

Walt
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug