A security vulnerability has been discovered in Snap Store, allowing hackers to steal users' crypto assets by hijacking expired domain names.

According to ChainCatcher, as disclosed by SlowMist Chief Information Security Officer 23pds, a new security vulnerability has emerged in the Snap Store application store on the Linux platform. Hackers are hijacking expired domain names to take over application publisher accounts and implanting malicious code into cryptocurrency wallet applications.

Attackers monitor and register developer accounts in the Snap Store whose associated domain names have expired, using these domain email addresses to trigger password resets and thus take over publisher identities with long-standing reputations. The compromised applications are disguised as well-known crypto wallets such as Exodus, Ledger Live, or Trust Wallet, with interfaces that are almost indistinguishable from the genuine versions.