Google Chrome introduced a MEGA Chrome Extension to provide solution to the slow loading web pages, improve download performance and strengthen the security of the system. MEGA Extension does not require much memory to function and it is hands-free package as it normally runs in the background.
However, it has been reported that the latest version of MEGA Extension 3.39.4 is compromised by a Trojan version. SenHack, a security researcher and contributor to the Monero project, was the first person to alert the people on 4thSeptember 2018 about this malignant move of cyber hackers. There are over 1.6 million affected users, SenHack added.
According to the information from the security researchers, the hackers are looking to steal user’s sensitive information like Credit Card details and login credentials from a number of platforms including Amazon, Google, Microsoft and Github. The compromised MEGA.nz Chrome extension actively monitors user’s information and searches for traces that indicate login forms/registration. The malicious version is also capable of stealing user’s crypto currency like Monero (XMR).
Monero (XMR) is applauded as an exclusive, untraceable and the tenth biggest CryptoCurrency. In spite of which it has been a target of felonious activities in the crypto ecosystem. The hostile code tracks specific URLs. Some of these include https://www.myetherwallet.com, https://mymonero.com and https://idex.market.
Cointelegraph, an independent publication of Crypto Ecosystem, reported a similar incidence that took place in September 2017 wherein Russian hackers installed crypto mining Trojan on over 9,000 computers in a span of 2 years. Hackers were able to mint $209,000 by hijacking machines.
The MEGA Company stated in their blog that the users who had MEGA Chrome Extension installed at the time of the incidence with auto-update enabled are likely to be affected. As on installation or auto-update, the malign extension asks for grand permissions of accessing personal information. The company further added that Google did not authorize them to sign their Chrome Extensions, thus lighting up the way for the hackers to compromise with the privacy of the MEGA users.
The Firefox Version of MEGA Extension has not been impacted, researchers said. However, the MEGA Chrome users are advised to uninstall/remove the Mega Extension & change the passwords of the banking and financial accounts that may have accessed through MEGA Extensions. Because of the outrage, Google has pulled off the MEGA Chrome Extension version 3.39.4 from Chrome’s download page and it is no longer available for download.
Subscribe to our newsletter today to receive updates on the Latest News and Threats.
The researchers at Virus Removal Guidelines are dedicated to track down the latest vulnerabilities which may infringe your system security. Our team of expert performs a detailed research about every malware infection before educating our users about the same.
Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.