Malware has been found hiding inside software in the Ubuntu Snap store.
A pair of (seemingly normal) apps hosted by the Canonical-backed app hub were discovered to contain a сryptocurrency miner disguised as the “SystemD” daemon.
The affected apps also shipped an “init script” to auto-load the malicious code on boot and allow it to run in the background on affected systems.
Canonical says it has “removed all applications from this author pending further investigations” since learning of the flaw via a Github issue on the weekend.
Because the Snap Store doesn’t provide public-facing install numbers for apps it holds, it’s unclear how many Linux users have been affected by this “miner issue,” though it’s worth noting that both apps were only uploaded in late April.
Regardless of the exact figure, it’s a given that many users will now be asking how this was allowed to happen in the first place.
How was it possible for malware to find its way into the Snap store and onto users’ systems?
The code in question was first found by Github user ‘tarwirdur’ in an app purporting to be a version of the popular 2048 game.
Curious as to why the app added a system start-up script, they checked it out and saw that it was for a crypto-currency miner tool.
This user then checked another app uploaded to the Snap store by the same developer. And guess what? They found it also contained the same ByteCoin mining script, linked to the same e-mail address.
This situation marks the first major “security” issue in the Snappy packaging system. But although unwelcome, this particular fail is not necessarily as frightening as it sounds at first—nor is it necessarily a fault with the Snappy format.
All apps uploaded in the Snap store undergo automatic testing to ensure that they work and install correctly for users on multiple Linux distros.
Snap apps are not checked line-by-line for anything suspicious or out-of-the-ordinary, however. Therefore, under the current framework, there was simply no way to detect or prevent this “malware” from being bundled up with an app and made available on the Snap store.
Any theoretical pre-detection would’ve been hard to do given that both of the affected apps were uploaded as proprietary software. Their code was not available to check.
The crypto-currency miners in this instance can be considered malware because they weren’t mentioned in the store description, and used system resources without permission or user knowledge for a task that wasn’t authorised.
That said, the mining scripts themselves don’t (seem to) do anything malicious to the system itself (for example, they don't harvest data, inject code, or hijack browsers).
It is possible that the app author in question wasn’t being intentionally malicious; given the lack of effort to disguise the malware (and the inclusion of a hardcoded email address mentioning a Ferrari), they may have been attempting to draw attention to a hole in the Snapcraft vetting model.
And if so, it worked.
Sent to us by: Roy W. Nash
After 33 years, Notepad finally displays text files properly.
Notepad has been around as long as Windows, originally shipping with Windows 1.0 way back in 1985. However, it's taken Microsoft 33 years to fix one of Notepad's most annoying problems: it can't display all text files correctly.
While that may sound ridiculous, it has been a frustration for anyone attempting to open a text file in Notepad that was created on a Unix, Linux, or macOS system. The text output is garbled—and it's all because of line endings.
As Microsoft explains on its developer blog, until now Notepad supported text documents containing three types of line ending characters. They are Windows End of Line characters, Carriage Return, and Line Feed. If the text document uses those, the output in Notepad will be perfectly formatted.
Text documents created in Unix, Linux, or macOS use different line ending characters. When you try and open them in Notepad you see a garbled mess of text, since all the line breaks are missing.
The latest Windows 10 Insider build contains the updated version of Notepad complete with additional line endings support. The status bar will even show you which line endings the file uses.
Sent to us by: Robbie Ferguson
Facebook is launching its own blockchain division as part of a broader reorganization of its executive lineup.
The move comes four months after CEO Mark Zuckerberg said in a Facebook post that he wanted the company to “go deeper and study the positive and negative aspects of” cryptocurrencies.
The company is saying little about its blockchain division for now. But we do know that David Marcus, who was serving as the vice president of messaging products and overseeing Facebook Messenger, will be running the blockchain group. Interestingly, he is also the former CEO of PayPal, with a long-time interest in payment systems. He also currently serves on the board of bitcoin exchange, Coinbase.
Instagram’s current vice president of product, Kevin Weil, will be leaving that role to join Facebook’s blockchain team. The two positions are the only ones announced so far for the team, and come amid a lot of other employee reshuffling.
Sent to us by: Jeff Weston
Nintendo is bringing back its outrageously popular $60 NES Classic Edition console next month.
The console was intended as a limited-time offering—it went on sale in late 2016 and was discontinued in April 2017.
Between the low price and the heavy draw of Nintendo nostalgia, the NES Classic Edition was a major hit. As a result, tt was nearly impossible to find.
And now Nintendo says it is bringing back the console.
Nintendo tweeted on Sunday night, "#NESClassic Edition will return to stores on June 29!" They also said, "This system and the #SNESClassic Edition system are expected to be available through the end of the year."
It's great news for anyone who missed out on a chance to buy the NES Classic Edition during its brief window of availability. The only other way to buy one at this point is to go through third-party resellers like eBay, where prices are often triple or more the original $60 cost of the console.
The same 30 classic NES games that shipped with the first run of the NES Classic Edition will ship on the new production run as well.
Sent to us by: Bekah Ferguson