Hackers Compromised MEGA Chrome Extension to Steal User's login Credentials

Hackers managed to hack into the MEGA Chrome extension and steal login credentials and cryptocurrency keys of users

1. Unknown hacker compromised MEGA Chrome extension and stole login credentials and cryptocurrency keys.
2. On September 4th a malicious version MEGA's Chrome extension (version 3.39.4,) was uploaded to the Google webstore.
3. The exfiltrated data were sent to the attacker server located in Ukraine.
4. All the affected users are advised change your passwords of all your accounts.

Unknown Hackers managed to hack into the MEGA Chrome extension and steal login credentials and cryptocurrency keys of users. According to the statement published by the company on September 4th, an unknown hacker uploaded a malicious version MEGA's Chrome extension (version 3.39.4,) to the Google webstore. After installation or auto update the extension will ask for additional permission such as to read and edit all your data on the website and giving them access to your personal information. “Upon installation or auto update, it would ask for elevated permissions (Read and change all your data on the websites you visit) that MEGA's real extension does not require and would (if permissions were granted) exfiltrate credentials for sites including amazon.com, live.com, github.com, google.com (for webstore login), myetherwallet.com, mymonero.com, idex.market and HTTP POST requests to other sites, to a server located in Ukraine. Note that mega.nz credentials were not being exfiltrated." The authentic version of the extension does not require or ask for such permissions. By granting permission will allow the attacker to steal login credential from any website. The hackers try to exfiltrate login credentials from sites such as amazon.com, live.com, github.com, google.com (for webstore login), myetherwallet.com, mymonero.com, idex.market. The exfiltrated data were sent to the attacker server located in Ukraine. The malicious extension log any POST request where URL contains strings like like "login", "register", "sign in", "username", "email" etc. Users who have installed the extension at the time of the incident and who have enabled the auto-update will be affected by the incident. According to reports this will around 1.6 million users. Users are advised to change your passwords all your account, especially of accounts of you, may have while having the malicious extensions. The Mega.nz has uploaded a clean version of the extension, version 3.39.5, into Google webstore. Those who have enabled auto-update will be changed automatically to the clean version. The Firefox version of MEGA has not been affected by the breach. For the latest cyber threats and the latest hacking news please follow us on Facebook and Twitter.

You may be interested in reading: Google’s Titan Security Key adds Another Layer of Protection to your Accounts