Re: More than 10 phishing wallets detected on the Snap Store, be careful
That makes sense for someone who highly prioritize security. But average would just download wallet software from certain place (e.g. Snap on Ubuntu or Google Play on Android). And FWIW apt should reject unsigned package or package with invalid signature.
What is stopping someone from adding their own signature to the package?IIRC in apt the package should be signed by repository owner. So you should trust the owner to verify package added to their repository, while attacker must fool the owner to add malicious package.
It's not a big problem with other app stores since they show the developer or company name in big bold letters, so forgeries are easy to spot. But most crypto wallets are made by unknown people, and additionally, there is no way to verify that a Snap package signature really does sign an authentic package, because the real developers are not on the platform.
But in this case (see image i include), it's not hard to find out that those 10 application should be created or published by multiple different group.
Source: https://popey.com/blog/2024/03/exodus-wallet-part-three/