TechFlow news: On January 21, according to 23pds, Chief Information Security Officer at SlowMist Technology, a new security vulnerability was discovered in the Snap Store application marketplace for Linux. Hackers exploited expired domain names to hijack app publisher accounts and inject malicious code into cryptocurrency wallet applications.
The attackers monitored Snap Store developer accounts whose associated domains had expired and registered those domains. They then used email addresses tied to those expired domains to trigger password resets, thereby taking over publisher identities that had built long-standing reputations. The compromised applications masqueraded as well-known cryptocurrency wallets such as Exodus, Ledger Live, or Trust Wallet, with user interfaces nearly indistinguishable from legitimate versions.
As of now, the publisher domains storewise[.]tech and vagueentertainment[.]com have been confirmed as compromised. These malicious applications prompt users to enter their “wallet recovery mnemonic phrase.” Once submitted, this sensitive information is transmitted to the attackers’ servers, resulting in theft of digital assets.
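A store-side check against the expired-domain password reset described above, as an added example that is not code from Snap Store or SlowMist: an e-mail reset is held when the publisher's e-mail domain was re-registered after the address was last verified, has expired, or is unregistered. The account fields, function names and sample records are hypothetical; the domain data follows the RDAP `events` layout.

```python
from datetime import datetime

def _ts(s):
    # Parse an RFC 3339 timestamp; "Z" is rewritten for older Python versions.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def _event(rdap, action):
    # RDAP domain objects carry dated events ("registration", "expiration").
    for ev in rdap.get("events", []):
        if ev.get("eventAction") == action:
            return _ts(ev["eventDate"])
    return None

def reset_decision(account, rdap, now):
    """Return 'allow' or a 'hold: ...' reason for an e-mail password reset.

    account: hypothetical store record with "email" and "email_verified_at".
    rdap: RDAP-style object for the e-mail domain, or None if unregistered.
    """
    if rdap is None:
        return "hold: domain not registered"
    registered, expires = _event(rdap, "registration"), _event(rdap, "expiration")
    if registered is None:
        return "hold: registration date unknown"
    if registered > _ts(account["email_verified_at"]):
        # The domain changed hands after the publisher last proved control of it.
        return "hold: domain re-registered after e-mail verification"
    if expires is not None and expires < now:
        return "hold: domain expired"
    return "allow"

# Constructed sample data (not taken from the incident).
NOW = _ts("2026-01-21T00:00:00Z")
ACCOUNTS = [
    {"email": "dev@active-pub.example", "email_verified_at": "2021-03-01T00:00:00Z"},
    {"email": "dev@lapsed-pub.example", "email_verified_at": "2019-06-10T00:00:00Z"},
    {"email": "dev@gone-pub.example", "email_verified_at": "2020-02-02T00:00:00Z"},
]
RDAP = {
    "active-pub.example": {"events": [
        {"eventAction": "registration", "eventDate": "2015-05-05T00:00:00Z"},
        {"eventAction": "expiration", "eventDate": "2027-05-05T00:00:00Z"}]},
    "lapsed-pub.example": {"events": [
        {"eventAction": "registration", "eventDate": "2025-11-30T00:00:00Z"},
        {"eventAction": "expiration", "eventDate": "2026-11-30T00:00:00Z"}]},
}

def audit(accounts=ACCOUNTS, rdap=RDAP, now=NOW):
    return {a["email"]: reset_decision(a, rdap.get(a["email"].rsplit("@", 1)[1]), now)
            for a in accounts}
```

A held reset would fall back to a second factor or manual publisher verification rather than mail sent to the domain.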




