Linux用户需注意Snap Store上新型攻击，黑客可接管开发者身份诱导用户提交助记词

Blockbeats

Jan 21

BlockBeats 消息，1 月 21 日，慢雾 CISO 23pds 在社交媒体上发文表示，Linux 用户需要注意，Snap Store 爆发新型攻击，过期域名变黑客后门盗取用户加密资产。篡改的应用伪装成 Exodus、Ledger Live 或 Trust Wallet 等知名加密钱包，诱导用户输入“钱包恢复助记词”，导致资金被盗。

据悉，目前攻击者转而监控 Snap 商店中关联域名已过期的开发者账号。一旦发现目标域名失效，攻击者便立即将其注册，随后利用该域名的邮箱在 Snap Store 触发密码重置，从而接管已建立长期信誉的发布者身份。

23pds 解释称，这意味着用户几年前安装且一直信任的合法软件，可能在一夜之间被黑客通过官方更新通道植入恶意代码。目前已确认 storewise[.]tech 和 vagueentertainment[.]com 两个发布者域名通过此方法遭劫持。被篡改的应用通常会伪装成 Exodus、Ledger Live 或 Trust Wallet 等知名加密钱包，其界面与正版几乎没有差别。

应用启动后会先连接远程服务器验证网络，随即诱导用户输入“钱包恢复助记词”。用户一旦提交，这些敏感信息会即刻传至攻击者服务器，导致资金被盗。由于利用了旧有的信任关系，此类攻击往往在受害者察觉前就已得手。

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

1
2
3
4
5
6
7
8
9
10

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2605122470"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"isCrawlerRequest":true,"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2605122470\",edition:\"fundamental\",auth_exemption:1,,,undefined,":{"share":"https://ttm.financial/m/news/2605122470?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2026-01-21 04:13","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2605122470","market":"us","top_or_hot":-1,"title":"Linux用户需注意Snap Store上新型攻击，黑客可接管开发者身份诱导用户提交助记词","media":"Blockbeats","content":"<html><body><div><p>BlockBeats 消息，1 月 21 日，慢雾 CISO 23pds 在社交媒体上发文表示，Linux 用户需要注意，Snap Store 爆发新型攻击，过期域名变黑客后门盗取用户加密资产。篡改的应用伪装成 Exodus、Ledger Live 或 Trust Wallet 等知名加密钱包，诱导用户输入“钱包恢复助记词”，导致资金被盗。</p><p>据悉，目前攻击者转而监控 Snap 商店中关联域名已过期的开发者账号。一旦发现目标域名失效，攻击者便立即将其注册，随后利用该域名的邮箱在 Snap Store 触发密码重置，从而接管已建立长期信誉的发布者身份。</p><p>23pds 解释称，这意味着用户几年前安装且一直信任的合法软件，可能在一夜之间被黑客通过官方更新通道植入恶意代码。目前已确认 storewise[.]tech 和 vagueentertainment[.]com 两个发布者域名通过此方法遭劫持。被篡改的应用通常会伪装成 Exodus、Ledger Live 或 Trust Wallet 等知名加密钱包，其界面与正版几乎没有差别。</p><p>应用启动后会先连接远程服务器验证网络，随即诱导用户输入“钱包恢复助记词”。用户一旦提交，这些敏感信息会即刻传至攻击者服务器，导致资金被盗。由于利用了旧有的信任关系，此类攻击往往在受害者察觉前就已得手。</p></div></body></html>","source":"theblockbeats_zh_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>Linux用户需注意Snap Store上新型攻击，黑客可接管开发者身份诱导用户提交助记词</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nLinux用户需注意Snap Store上新型攻击，黑客可接管开发者身份诱导用户提交助记词\n</h2>\n\n<h4 class=\"meta\">\n\n\n2026-01-21 04:13 北京时间&nbsp;&nbsp;&nbsp;<a href=https://www.theblockbeats.info//flash/329027><strong>Blockbeats</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>BlockBeats 消息，1 月 21 日，慢雾 CISO 23pds 在社交媒体上发文表示，Linux 用户需要注意，Snap Store 爆发新型攻击，过期域名变黑客后门盗取用户加密资产。篡改的应用伪装成 Exodus、Ledger Live 或 Trust Wallet 等知名加密钱包，诱导用户输入“钱包恢复助记词”，导致资金被盗。据悉，目前攻击者转而监控 Snap 商店中关联域名已过期的...</p>\n\n<a href=\"https://www.theblockbeats.info//flash/329027\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"SNAP","symbol_name":"Snap Inc","start_time":0,"source_url":"https://www.theblockbeats.info//flash/329027","article_id":"2605122470","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2605122470","pubTimestamp":1768939980,"columns":[],"sourceInfo":{"source_id":"theblockbeats_zh_live","name":"blockbeat"},"weMediaInfo":null,"summary":"BlockBeats 消息，1 月 21 日，慢雾 CISO 23pds 在社交媒体上发文表示，Linux 用户需要注意，Snap Store 爆发新型攻击，过期域名变黑客后门盗取用户加密资产。篡改的","collect":0,"end_time":0,"defaultTopTitle":"theblockbeats.info","property":[],"viewcount":null,"language":"zh","relate_stocks":{"SNAP":"Snap Inc","BK4077":"互动媒体与服务","BK4554":"元宇宙及AR概念","BK4508":"社交媒体","BK4576":"AR","BK4551":"寇图资本持仓"},"translate_title":"Linux users need to pay attention to new attacks on Snap Store, hackers can take over the identity of developers and induce users to submit mnemonics","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"SNAP":1.5},"content_text":"BlockBeats 消息，1 月 21 日，慢雾 CISO 23pds 在社交媒体上发文表示，Linux 用户需要注意，Snap Store 爆发新型攻击，过期域名变黑客后门盗取用户加密资产。篡改的应用伪装成 Exodus、Ledger Live 或 Trust Wallet 等知名加密钱包，诱导用户输入“钱包恢复助记词”，导致资金被盗。据悉，目前攻击者转而监控 Snap 商店中关联域名已过期的开发者账号。一旦发现目标域名失效，攻击者便立即将其注册，随后利用该域名的邮箱在 Snap Store 触发密码重置，从而接管已建立长期信誉的发布者身份。23pds 解释称，这意味着用户几年前安装且一直信任的合法软件，可能在一夜之间被黑客通过官方更新通道植入恶意代码。目前已确认 storewise[.]tech 和 vagueentertainment[.]com 两个发布者域名通过此方法遭劫持。被篡改的应用通常会伪装成 Exodus、Ledger Live 或 Trust Wallet 等知名加密钱包，其界面与正版几乎没有差别。应用启动后会先连接远程服务器验证网络，随即诱导用户输入“钱包恢复助记词”。用户一旦提交，这些敏感信息会即刻传至攻击者服务器，导致资金被盗。由于利用了旧有的信任关系，此类攻击往往在受害者察觉前就已得手。","kind":"live","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":true,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"isVideo":false,"video":null,"symbols":[],"gpt_button":1,"need_auth":false,"need_login_tip":false,"code":"91000000","status":"200"}}}