Malware in the Snap Store!

Hallo stevecook172001

Your question is one of relativity, not absoluteness - so to speak.

In data security we talk of “criminal energy”. If someone wants a “target” badly enough - it will fall - it’s just a question of time.

Snaps reach out to IoT devices. IoT devices make low cost bot-nets achievable. The rest is simply a criminal business plan away. It’s all about gain, almost always financial.

Don’t worry, be happy…:eyes:

So, does that mean that the Snaps ecosystem is relatively less secure?

1 Like

Hallo stevecook172001

I don’t have enough information to be able to make a statement about that.

However, both software distribution systems have their appeal if distributing malware is your business.

The only advice I can give is to (a) run a commercial anti-virus product and (b) be prudent. :slight_smile: :eyes:

Hi all,

A frightening read here! :frowning:

3 Likes

They made an official post about it:

If you don’t have much time, read this part:

we have very interesting security features in the works that will improve the safety of the system and also the experience of people handling software deployments in servers and desktops.

As just one example that is relevant in the context of this event, a simple but fairly effective feature that we are working on is the ability to flag specific publishers as verified. The details of that will be announced soon, but the basic idea is that it’ll be easier for users to identify that the person or organization publishing the snap are who they claim to be. The need for trust still remains but it will help users inform their decision further before installing.

Other features are more gradual and less visible, such as the regular encoding of new interfaces that allow mediating other aspects of the system, or the upstreaming of all the AppArmor kernel patches, allowing more Linux distributions to benefit from additional confinement capabilities.

2 Likes

Wow an official post, and it only took them four days to do so…

On the one hand that’s practically light speed for a corporation and on the other hand way too slow, too little, too late.

1 Like

at least it shows that they are trying to do something about such things, unlike some of the other big names

Reading about it I understood that individual snaps are not reviewed by humans reading the code. They make automated tests that “look” inside the code and check if there are security vulnerabilities.

Important: this only happens with open source snaps, closed source snaps are NOT reviewed by anyone, machine or human.

I don’t like it… but it kinda makes sense if you think about the amount of work needed to read millions of lines of code from thousands of snaps every time they update.

Some people are now worried and are looking for antivirus. I think in the near future Linux users will need antivirus software too.

2 Likes

honestly I do not know if an antivirus would catch it, it was written in as part of the app

This is not sounding good.

At all.

2 Likes

Hallo

Catch 22

If you don’t run a commercial anti virus application you won’t know what it will find…

I run one.

You have a choice.

Almost all of those wonderful persons writing FLOSS for GNU/Linux are good people who are well intentioned.
However, it has now been shown that at least one was not.
The down side of trust systems is that they can be abused. Some coders (one proven) are obviously prepared to abuse such trust systems for their own benefit.

In view of this proven abuse the FLOSS world could consider reviewing the software distribution systems.

There is no such thing as 100% security. It is more a question of how much risk you are prepared to live with. To this question, each of us must find their own answer.

With freedom comes responsibility. :slight_smile:

1 Like

I think one good open source antivirus should be included in all popular distros (Ubuntu, Ubuntu flavours, Ubuntu based, Fedora, Debian). This would be good for companies too, they receive thousands of emails per day, use pendrives, you can’t always control what employees are accessing and using. But I think there isn’t one, maybe the most popular is ClamAV, I don’t know.

Ubuntu MATE’s Software Boutique should have more control (review) to protect users too.

As far as I know all the virus scanners you’ll find for Linux right now scan for Windows malware. There isn’t supposed to be any Linux malware.

Given this seems to be an entirely self-inflicted problem I’m not sure what benefits to Snap outweigh simply going back to secure packaging directly from the distro itself. It wasn’t broken, why are we so determined to fix it?

My take on this is: it is your responsibility to know what you install and who made that snap or at the core app. Don’t forget everything made by humans is not perfect. Especially when something is free as GNU/Linux where you have full control of the OS. How and in what time Canonical responded to the problem is irrelevant. Why? Because in every instance the main dev will give a heads up to the users when they find a way to fix it. Look from this point, if someone knows about a problem before they find a way to patch it, hackers will use it and until the patch comes you will have 100 apps doing mining instead of only one.

Everybody ‘knows’ Messi or Cristiano Ronaldo, but everybody knowing every app developer and every core app… it’s a utopia.
Talking about me, I’m the regular Joe that knows little to nothing about computers. And by statements like this, once again the stereotype that Linux is only for advanced computer geeks with computer degrees is once again perpetuated.

And about ‘knowing’ the authors, a good example comes to my mind: who was the most known and respected Kodi add-ons developer?
It was Lambda. He was like a hero to the general Kodi user community.
Who was the first guy to put malware into Kodi?
Yep exactly, it was Lambda himself! The guy that everybody loved and trusted made some thousands of machines become part of a botnet for ddos attacks.

Please bear in mind that people like me, the pure computer user without knowledge (which are perhaps more than 99% of the market) also exist.
So please don’t follow that mentality that whatever is made is correct and if someone gets screwed along the way is their own fault and no one else should care or be responsible.

3 Likes

A good piece of advice is to install a firewall. I believe that the most popular is Gufw; you can enable it on Ubuntu MATE.

If you don’t have it, follow these instructions:

Open it, turn the switch ON, and that’s it.

1 Like

Hallo

Commercial virus scanners can detect GNU/Linux relevant malware. I’m not saying they can detect all of it.

I personally, would no longer use ClamAV, although I have used it in the past.

Some forms of modern malware have the ability in the first phase of their attack to detect which operating system is running on the computer and then in the second phase download the variant that is required to attack that system. Some malware has GNU/Linux variants. :alien:

I understand that @Wimpy was already considering adding a carefully selected anti-virus tool to the software boutique - and - this was being thought about before the “snap-malware” event. :clap:
I do not envy his task, no matter which program he selects many will surely disagree with his choice. A rather thankless task I fear. :construction_worker: :clap: :clap:

Security becomes very technical, very quickly. That is because attacks seek to exploit small technical flaws, usually in the hand-off between very “low-level” processes running on a computer.
The difference between GNU/Linux and windoze and fruity, is that GNU/Linux users have the freedom to dig into their systems and do something about it themselves. But that requires knowledge, knowledge that windoze and fruity users will have no use for, because their systems do not allow them to take action on their own. Some, by no means all, GNU/Linux users choose to delve into this subject, and they acquire knowledge about it, and express that knowledge when discussing such matters. They are not elitist, they are knowledgeable. :thinking:

I understand that @Wimpy was already considering adding a carefully selected anti-virus tool to the software boutique

That’s a good idea, or go even further and install it by default, like Gufw firewall.

All snaps (regardless of publishers) are run through the automated review tools every time a new snap is uploaded.

In the case of classic snaps (those that operate without confinement) they can’t be uploaded to the store until a manual security review is completed and the identity of the publisher is confirmed to be a valid upstream.

5 Likes

Glad to hear that! I concluded that by reading this part:

Snap apps are not checked line-by-line for anything suspicious or out-of-the-ordinary. Therefore, under the current framework, there was simply no way to detect or prevent this “malware” from being bundled up with an app and made available on the Snap store.

Any theoretical pre-detection would’ve been hard to do given that both of the affected apps were uploaded as proprietary software. Their code was not available to check.

Source: https://www.omgubuntu.co.uk/2018/05/ubuntu-snap-malware

Update:

I suggested creating a Security section on snapcraft website