Snap Store has a security vulnerability, allowing hackers to steal users' encrypted assets by hijacking expired domains

According to 23pds, the Chief Information Security Officer of Slow Fog Technology, a new type of security vulnerability has emerged in the Snap Store application store on the Linux platform. Hackers are taking over application publisher accounts by hijacking expired domain names and injecting malicious code into cryptocurrency wallet applications.

Attackers monitor and register developer accounts in the Snap Store associated with expired domain names, using these domain emails to trigger password resets, thereby taking over the established publisher identity with long-term credibility. The tampered applications disguise themselves as well-known cryptocurrency wallets such as Exodus, Ledger Live, or Trust Wallet, with interfaces that are almost indistinguishable from the originals.

Currently, it has been confirmed that the publisher domains storewise[.]tech and vagueentertainment[.]com have been hijacked. These malicious applications will lure users into entering their "wallet recovery mnemonic." Once the user submits it, the sensitive information will be sent to the attacker's server, resulting in the theft of digital assets.