New Cryptojacking Malware Found on Ubuntu Snap Store

New Cryptojacking Malware Found on Ubuntu Snap Store

A new cryptojacking malware has been found on the Ubuntu Snap Store. The malware has been detected by a vigilant Ubuntu user going by the GitHub moniker “Tarwirdur”; “Tarwirdur” was the first to report the two apps -2048buntu and Hextris- containing the Bytecoin mining code.

This discovery is very relevant since it points out that even the products in an official store are not immune to cryptojacking attacks. Hence, users need to keep vigil and not let hackers use their systems for cryptomining activities, which will eventually make the hackers earn quick money.

As revealed by the Ubuntu user “Tarwirdur” on GitHub, the 2048buntu application contained a hidden Bytecoin miner script. A detailed post on this new cryptojacking malware on Bitsonline (which deals with news on Bitcoin, blockchain, cryptocurrency, fintech, and technology) says- “The attentive Ubuntu user Tarwirdur revealed his findings on GitHub, stating that the 2048buntu application contained a hidden Bytecoin miner script…Initially, Tarwirdur only pointed out the 2048buntu app but later reported that another submission of Nicolas Tomb’s — the author of the exposed app — also contained cryptocurrency mining scripts.”

However, the Snap Store, which is developed by Canonical Ltd., the UK-based software company, has removed all the apps that were uploaded by Tomb; this includes the Hextris app which also contained the malware.

Responding to Tarwinder, sparkiegeek (Adam Collard), who represents the Canonical team, has said- “@tarwirdur yes, we’ve removed all applications from this author pending further investigations. Thank you for your vigilance!”

There is no clarity as regards the number of users that have been affected by the malicious apps uploaded by Tomb; there’s no apparent way to discern install counts. However, since both the above-mentioned apps were uploaded in April 2018, it’s inferred that that number of victims won’t be too high.

Bitsonline, in its post, points out that the malicious 2048buntu mining script “was concealed under the name “systemd” while it mined Bytecoin for a user under the email address”

Bitsonline also observes- “The Ubuntu Snap Store is not the only store that’s been affected by crypto-centric malware. In the past, the Google Play Store, the Chrome Web Store, and the Apple App Store have all seen their share of malicious crypto-based ploys. It’s a trend that’s here to stay unless better preventative measures can be developed. “

Kevin Jones951 Posts

Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like and others.


Leave a Comment

comodo partner

Welcome! Login in to your account

Remember me Lost your password?

Don't have account. Register

Lost Password