Beware: Ubuntu 'command-not-found' Tool Vulnerable to Rogue Package Installation
Originally Published 1 year ago — by The Hacker News

Cybersecurity researchers have discovered a potential exploit in the Ubuntu operating system's 'command-not-found' utility that could allow threat actors to manipulate the system so that it recommends their own malicious packages, potentially leading to software supply chain attacks. The exploit involves the utility suggesting rogue packages from the snap repository, with attackers also impersonating legitimate APT packages and leveraging typosquatting. Users are advised to verify package sources before installation, and developers have been urged to register the snap names associated with their commands to prevent misuse.
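As an added example (not code from the researchers or from Ubuntu), the sketch below shows one way to act on the "verify package sources" advice: it parses a suggestion message and lists every snap suggestion that needs review before installation. The sample message, the package names, the assumed `sudo snap|apt install <name>` line format, and the 0.85 similarity threshold are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample of a suggestion message (not captured from a real system);
# the package names are hypothetical.
SAMPLE = """\
Command 'examplecmd' not found, but can be installed with:
sudo snap install examplecmd        # version 1.0, or
sudo apt  install examplecmd        # version 1.0-1
sudo snap install examplecmd-tools  # version 0.1
sudo snap install exampelcmd        # version 9.9
"""

# Assumed line format: "sudo <snap|apt> install <name>".
SUGGESTION = re.compile(r"^\s*sudo\s+(snap|apt)\s+install\s+(\S+)", re.M)


def triage(output, threshold=0.85):
    """Return {snap_name: [reasons]} for each snap suggestion needing review."""
    pairs = SUGGESTION.findall(output)
    apt_names = {name for source, name in pairs if source == "apt"}
    typed = re.search(r"Command '([^']+)' not found", output)
    # Names a rogue snap could imitate: APT packages and the typed command.
    references = apt_names | ({typed.group(1)} if typed else set())
    findings = {}
    for source, name in pairs:
        if source != "snap":
            continue
        reasons = ["snap store package: check the publisher with 'snap info'"]
        if name in apt_names:
            reasons.append("same name as an APT package")
        for ref in sorted(references):
            # Heuristic: a different name that is almost identical in spelling.
            similar = SequenceMatcher(None, name, ref).ratio() >= threshold
            if name != ref and similar:
                reasons.append(f"near-miss spelling of '{ref}'")
        findings[name] = reasons
    return findings


if __name__ == "__main__":
    for snap_name, reasons in triage(SAMPLE).items():
        print(f"{snap_name}: " + "; ".join(reasons))
```

A flagged name is a prompt to inspect the snap's publisher and description by hand, not proof that the package is malicious.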