Close Menu
Cryphedge.com
  • Home
  • Crypto News
    • Bitcoin
    • NFT News
  • Altcoins
  • Scams
  • Blockchain
  • Regulations
  • Trading
Facebook X (Twitter) Instagram
Cryphedge.com
  • Home
  • Crypto News
    • Bitcoin
    • NFT News
  • Altcoins
  • Scams
  • Blockchain
  • Regulations
  • Trading
Cryphedge.com
Home » Hackers Hijack Snap Store Accounts to Push Crypto-Stealing Malware on Linux
Hackers Hijack Snap Store Accounts to Push Crypto-Stealing Malware on Linux

Hackers Hijack Snap Store Accounts to Push Crypto-Stealing Malware on Linux

January 21, 20263 Mins ReadNo Comments Altcoins
Share
Facebook Twitter LinkedIn Pinterest Email

Crypto Journalist

Amin Ayan

Hackers Hijack Snap Store Accounts to Push Crypto-Stealing Malware on Linux

Crypto Journalist

Amin AyanVerified

Part of the Team Since

Apr 2025

About Author

Amin Ayan is a crypto journalist with over four years of experience in the industry. He has contributed to leading publications such as Cryptonews, Investing.com, 99Bitcoins, and 24/7 Wall St. He has…

Share

Last updated: 

January 21, 2026

Cryptocurrency hackers are exploiting trusted Linux software to steal digital assets, using a new technique that turns legitimate Snap Store packages into malware.

Key Takeaways:

  • Hackers are exploiting trusted Snap Store packages to steal cryptocurrency by hijacking existing publisher accounts.
  • The attacks rely on expired domains and email addresses to push malicious updates.
  • The incidents reveal weaknesses in the platform’s trust and security model.

Rather than creating fresh accounts on the Snap Store, which is operated by Canonical, attackers are now taking over existing publisher accounts, according to a warning from Ubuntu contributor and former Canonical developer Alan Pope.

The method relies on identifying expired web domains and email addresses linked to long-standing Snap Store developers, registering those domains, and then using the recovered access to hijack Snapcraft accounts.

Attackers Turn Legitimate Packages Malicious

Once inside, the attackers push malicious updates to packages that were previously benign, catching users off guard through automatic updates and long-established trust signals.

The Snap Store, like other major package repositories, has long been a target for malware campaigns.

Early efforts were relatively unsophisticated, with scammers publishing fake crypto wallet applications under newly created accounts.

When those attempts became easier to detect, attackers began disguising malicious apps using lookalike characters from other alphabets to evade filters.

According to Pope, the tactic then evolved into a bait-and-switch approach. Attackers would publish harmless software under neutral names such as “lemon-throw” or “alpha-hub,” often posing as simple games. After approval and a period of inactivity, a follow-up update would quietly introduce a fake crypto wallet designed to steal funds.

The latest development raises the stakes. In at least two confirmed cases, attackers took control of expired domains once owned by legitimate Snap publishers and used them to distribute wallet-stealing malware through automatic updates.

The affected applications appeared normal on the surface but were built to harvest wallet recovery phrases and transmit them to attacker-controlled servers.

By the time users noticed suspicious behavior, funds and sensitive data were already compromised.

Canonical has since removed the malicious snaps, but Pope warned that the response highlights deeper weaknesses in the platform’s trust model.

He said domain takeovers undermine publisher longevity as a safety signal and called for additional safeguards, including monitoring domain expirations, enforcing stronger account verification for dormant publishers, and requiring mandatory two-factor authentication.

Security Researcher Warns of Delayed Snap Store Takedowns

Pope also noted delays in removing reported malicious snaps, sometimes stretching over several days.

He advised users to exercise extra caution when installing cryptocurrency wallets on Linux and to consider downloading them directly from official project websites instead of app stores.

To help users assess risk, Pope created SnapScope, a web-based tool that flags snaps as suspicious or malicious before installation.

He also urged developers to keep domain registrations active and secure Snapcraft and email accounts with two-factor authentication.

According to Chainalysis, illicit cryptocurrency addresses received a record $154 billion in 2025, a sharp increase from the year before.

In another case, US prosecutors have charged a 23-year-old Brooklyn resident, Ronald Spektor, with stealing roughly $16 million in cryptocurrency from around 100 Coinbase users through an alleged phishing and social engineering scheme.


Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
cryphedge

Related Posts

XRP Sees 4,941 New Wallets In One Day As Price Clings To $1 Support

June 30, 2026

XRPL ReservedTxns: Schwartz’s Anti-Front-Running Fix

June 30, 2026

XRP Price Today: XRP At $1.05

June 30, 2026

Will HYPE Eat BNB’s Market?

June 30, 2026
Add A Comment

Comments are closed.

Editors Picks

Bitcoin’s $4.4B Supply Overhang: Why Institutional Demand Is No Longer Absorbing Selling

June 30, 2026

Google Gemini AI Predicts Jaw-Dropping Sandisk Stock Price by End of 2026

June 30, 2026

Tom Lee’s BitMine Adds $43 Million in Ethereum as Strategy Pauses Bitcoin Purchases

June 30, 2026

July Bounce, Brutal August, Then the Final Low Near $39,000

June 30, 2026
About

cryphedge is an online news portal that aims to share the latest crypto news, bitcoin, altcoin, blockchain, nft news, regulation, trading, crypto scams and much more stuff.

Facebook X (Twitter) Instagram Pinterest YouTube
Top Insights

ICP Price Jumps 12% as AI Upgrade Drives Strong Demand

April 8, 2026

BNB Price Holds Near $1,000 as Bulls Eye Another Fresh Breakout

September 20, 2025

Why Remittix Could Compete With DOGE In 2026 As Altcoin Trends Worldwide

September 11, 2025
Subscribe
Please enable JavaScript in your browser to complete this form.
Loading
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms of Use
  • DMCA

Type above and press Enter to search. Press Esc to cancel.

  • bitcoinBitcoin(BTC)$59,093.00-0.36%
  • ethereumEthereum(ETH)$1,590.390.31%
  • tetherTether(USDT)$1.000.01%
  • binancecoinBNB(BNB)$549.54-0.37%
  • usd-coinUSDC(USDC)$1.000.00%
  • rippleXRP(XRP)$1.050.34%
  • solanaSolana(SOL)$75.111.75%
  • tronTRON(TRX)$0.316530-0.97%
  • Figure HelocFigure Heloc(FIGR_HELOC)$1.01-2.94%
  • HyperliquidHyperliquid(HYPE)$65.34-0.64%
  • dogecoinDogecoin(DOGE)$0.0721890.14%
  • RainRain(RAIN)$0.015646-1.43%
  • USDSUSDS(USDS)$1.000.01%
  • leo-tokenLEO Token(LEO)$9.24-2.84%
  • zcashZcash(ZEC)$405.721.73%
  • stellarStellar(XLM)$0.1978957.77%
  • WhiteBIT CoinWhiteBIT Coin(WBT)$54.4615.48%
  • moneroMonero(XMR)$308.38-0.63%
  • CantonCanton(CC)$0.1447042.40%
  • cardanoCardano(ADA)$0.1511014.97%
  • chainlinkChainlink(LINK)$7.26-0.17%
  • daiDai(DAI)$1.000.00%
  • USD1USD1(USD1)$1.00-0.02%
  • Ethena USDeEthena USDe(USDE)$1.000.00%
  • Gram (prev. Toncoin)Gram (prev. Toncoin)(GRAM)$1.56-2.63%
  • bitcoin-cashBitcoin Cash(BCH)$205.273.54%
  • LABLAB(LAB)$12.80-14.17%
  • litecoinLitecoin(LTC)$42.640.42%
  • Circle USYCCircle USYC(USYC)$1.13-0.05%
  • hedera-hashgraphHedera(HBAR)$0.070088-1.19%
  • Global DollarGlobal Dollar(USDG)$1.00-0.02%
  • avalanche-2Avalanche(AVAX)$6.661.30%
  • suiSui(SUI)$0.701.81%
  • PayPal USDPayPal USD(PYUSD)$1.000.01%
  • crypto-com-chainCronos(CRO)$0.0542451.27%
  • shiba-inuShiba Inu(SHIB)$0.000004-0.05%
  • tether-goldTether Gold(XAUT)$3,971.510.02%
  • nearNEAR Protocol(NEAR)$1.83-1.82%
  • BlackRock USD Institutional Digital Liquidity FundBlackRock USD Institutional Digital Liquidity Fund(BUIDL)$1.000.00%
  • Ondo US Dollar YieldOndo US Dollar Yield(USDY)$1.13-0.28%
  • BittensorBittensor(TAO)$201.97-1.70%
  • World Liberty FinancialWorld Liberty Financial(WLFI)$0.058692-0.16%
  • pax-goldPAX Gold(PAXG)$3,970.96-0.02%
  • uniswapUniswap(UNI)$2.83-1.66%
  • okbOKB(OKB)$80.070.97%
  • AsterAster(ASTER)$0.630.75%
  • OndoOndo(ONDO)$0.313002-0.20%
  • HTX DAOHTX DAO(HTX)$0.000002-2.79%
  • WorldcoinWorldcoin(WLD)$0.410662-3.52%
  • Falcon USDFalcon USD(USDF)$0.990.01%
  • Ripple USDRipple USD(RLUSD)$1.00-0.01%
  • polkadotPolkadot(DOT)$0.832.26%
  • usddUSDD(USDD)$1.000.01%
  • mantleMantle(MNT)$0.410671-3.59%
  • BFUSDBFUSD(BFUSD)$1.000.01%
  • aaveAave(AAVE)$86.28-3.85%
  • Pi NetworkPi Network(PI)$0.1150570.87%
  • MorphoMorpho(MORPHO)$1.910.64%
  • SkySky(SKY)$0.052440-1.81%
  • internet-computerInternet Computer(ICP)$2.14-0.55%
  • bitget-tokenBitget Token(BGB)$1.60-1.42%
  • ethereum-classicEthereum Classic(ETC)$6.92-1.45%
  • DeXeDeXe(DEXE)$22.41-2.13%
  • United StablesUnited Stables(U)$1.000.01%
  • AudieraAudiera(BEAT)$3.3920.98%
  • MemeCoreMemeCore(M)$0.7514.19%
  • PepePepe(PEPE)$0.000002-0.20%
  • Blockchain CapitalBlockchain Capital(BCAP)$106.970.00%
  • quant-networkQuant(QNT)$64.85-0.97%
  • kucoin-sharesKuCoin(KCS)$6.72-2.48%
  • ​​Stable​​Stable(STABLE)$0.038294-0.56%
  • Spiko EU T-Bills Money Market FundSpiko EU T-Bills Money Market Fund(EUTBL)$1.200.17%
  • Janus Henderson Anemoy Treasury FundJanus Henderson Anemoy Treasury Fund(JTRSY)$1.110.01%
  • Invesco Short Duration US Government Securities FundInvesco Short Duration US Government Securities Fund(USTB)$11.130.03%
  • USDGOUSDGO(USDGO)$1.000.04%
  • kaspaKaspa(KAS)$0.0305720.52%
  • render-tokenRender(RENDER)$1.52-1.53%
  • cosmosCosmos Hub(ATOM)$1.520.22%
  • justJUST(JST)$0.0874301.48%
  • algorandAlgorand(ALGO)$0.083164-3.50%
  • POL (ex-MATIC)POL (ex-MATIC)(POL)$0.0696520.33%
  • JupiterJupiter(JUP)$0.2217365.86%
  • USDtbUSDtb(USDTB)$1.000.00%
  • nexoNEXO(NEXO)$0.72-0.18%
  • gatechain-tokenGate(GT)$6.51-0.27%
  • ADIADI(ADI)$5.51-1.82%
  • Janus Henderson Anemoy AAA CLO FundJanus Henderson Anemoy AAA CLO Fund(JAAA)$1.040.02%
  • EthenaEthena(ENA)$0.072891-4.37%
  • 币安人生 (BinanceLife)币安人生 (BinanceLife)(币安人生)$0.66-4.06%
  • BeldexBeldex(BDX)$0.085129-4.94%
  • VelvetVelvet(VELVET)$1.55-10.08%
  • Spiko Amundi Overnight Swap Fund (EUR)Spiko Amundi Overnight Swap Fund (EUR)(EURSAFO)$1.150.17%
  • Venice TokenVenice Token(VVV)$12.94-0.08%
  • GHOGHO(GHO)$1.000.03%
  • Pump.funPump.fun(PUMP)$0.001429-2.38%
  • filecoinFilecoin(FIL)$0.730.31%
  • YLDSYLDS(YLDS)$1.00-0.01%
  • FlareFlare(FLR)$0.006429-1.32%
  • Usual USDUsual USD(USD0)$1.000.00%
  • xdce-crowd-saleXDC Network(XDC)$0.027704-1.36%