When “Trusted” Snap Packages Turn Hostile
Linux admins -
We've long trusted Snap packages as a convenient, sandboxed way to deploy software — but a new wave of supply-chain attacks is turning that trust against us. In the latest campaign, adversaries are reclaiming expired developer domains, hijacking Snap publisher accounts, and pushing crypto-stealing malware through legitimate Snap updates. This is a real risk. Compromised wallet apps are harvesting recovery seeds and draining funds before users even notice.
If you’re responsible for Linux fleets, this episode should make you rethink how you vet snaps, manage update policies, and detect subtle post-installation abuse. Read on to learn what went wrong, what to watch for, and how to harden your systems against this stealthy vector.
Yours in Open Source,

Dave Wreski
LinuxSecurity Founder
Linux Users Targeted as Crypto-stealing Malware Hits Snap PackagesThe DiscoverySeveral crypto-stealing campaigns are using Snap packages to land quietly on Ubuntu Linux systems. |
When Security Tools Become a Risk: Cisco Snort 3 Flaws & Network Security ThreatsThe DiscoveryCrafted network traffic can crash the Snort 3 inspection engine, force restarts, or degrade analysis without raising clear alarms. |


