The Hidden Dangers Within Ubuntu's Package Suggestion System

This report analyzes attack vectors against the Ubuntu Snap ecosystem, showing how strictly confined snaps can still exfiltrate credentials via insecure display servers (X11), how the command-not-found helper can be manipulated by registering unclaimed snap names (including many corresponding to APT commands — ~26%), and how typosquatting and auto-update mechanisms can be abused to distribute malicious updates; the authors demonstrate PoCs by publishing example snaps and capturing the resulting command-not-found recommendations.