According to ChainCatcher, a new security vulnerability has been discovered in the Snap Store application platform for Linux, as revealed by 23pds, Chief Information Security Officer at SlowMist. Hackers have been hijacking expired domains to take over app developer accounts and injecting malicious code into cryptocurrency wallet applications. Attackers monitor and register developer accounts in the Snap Store whose associated domains have expired. They then use the email addresses associated with these domains to trigger password resets, thereby taking over the identities of long-established and trusted publishers. The tampered apps mimic well-known cryptocurrency wallets such as Exodus, Ledger Live, or Trust Wallet, with interfaces nearly identical to the genuine versions. It has been confirmed that the publisher domains storewise[.]tech and vagueentertainment[.]com have been hijacked. These malicious apps prompt users to input their "wallet recovery mnemonics." Once users submit this information, the sensitive data is sent to the attackers' servers, leading to the theft of digital assets.
Snap Store Security Vulnerability Allows Hackers to Steal Crypto Assets via Expired Domains
ChaincatcherShare
Summary
A new security vulnerability in the Snap Store on Linux is allowing hackers to steal cryptocurrency through expired domains. Attackers register expired domains associated with developer accounts, then use the linked email addresses to reset passwords and take over the accounts. Malicious apps mimic popular wallets such as Exodus, Ledger Live, and Trust Wallet, tricking users into entering their recovery phrases. Domains such as storewise.tech and vagueentertainment.com have been confirmed to be hijacked. Traders monitoring altcoins should remain vigilant, as the fear and greed index remains volatile amid increasing threats.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.