MEGA Chrome Extension
News | 09/07/2018

MEGA Chrome Extension’ Security Turns to Nightmare!

About: The latest version of MEGA Chrome Extension got compromised by hackers to steal user’s sensitive information & CryptoCurrency, Monero. Google pulled off the latest version of MEGA Chrome Extension from Chrome Web Store after the users raged on Soci...  Read More  

| News | MEGA Chrome Extension’ Security Turns to Nightmare!

Google Chrome introduced a MEGA Chrome Extension to provide solution to the slow loading web pages, improve download performance and strengthen the security of the system. MEGA Extension does not require much memory to function and it is hands-free package as it normally runs in the background.

However, it has been reported that the latest version of MEGA Extension 3.39.4 is compromised by a Trojan version. SenHack, a security researcher and contributor to the Monero project, was the first person to alert the people on 4thSeptember 2018 about this malignant move of cyber hackers. There are over 1.6 million affected users, SenHack added.

 

MEGA Chrome Temp1

 

According to the information from the security researchers, the hackers are looking to steal user’s sensitive information like Credit Card details and login credentials from a number of platforms including Amazon, Google, Microsoft and Github. The compromised MEGA.nz Chrome extension actively monitors user’s information and searches for traces that indicate login forms/registration. The malicious version is also capable of stealing user’s crypto currency like Monero (XMR).

Monero (XMR) is applauded as an exclusive, untraceable and the tenth biggest CryptoCurrency.  In spite of which it has been a target of felonious activities in the crypto ecosystem. The hostile code tracks specific URLs. Some of these include https://www.myetherwallet.com, https://mymonero.com and https://idex.market.

 

MEGA Chrome Temp2

 

Once the information saved on targeted sites is detected, a JavaScript function is then triggered that sends the information to an unidentified host in Ukraine. The attackers use the stolen information to login to the fatal accounts and extract the digital currencies of the users.  

 

Cointelegraph, an independent publication of Crypto Ecosystem, reported a similar incidence that took place in September 2017 wherein Russian hackers installed crypto mining Trojan on over 9,000 computers in a span of 2 years. Hackers were able to mint $209,000 by hijacking machines.

 

The MEGA Company stated in their blog that the users who had MEGA Chrome Extension installed at the time of the incidence with auto-update enabled are likely to be affected. As on installation or auto-update, the malign extension asks for grand permissions of accessing personal information. The company further added that Google did not authorize them to sign their Chrome Extensions, thus lighting up the way for the hackers to compromise with the privacy of the MEGA users.

 

The Firefox Version of MEGA Extension has not been impacted, researchers said. However, the MEGA Chrome users are advised to uninstall/remove the Mega Extension & change the passwords of the banking and financial accounts that may have accessed through MEGA Extensions. Because of the outrage, Google has pulled off the MEGA Chrome Extension version 3.39.4 from Chrome’s download page and it is no longer available for download.

Hits: 96

Leave a Reply

Your email address will not be published. Required fields are marked *

Did you find the article informative? Yes NO

Get Regular Updates Related to All the Threats

Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.

Virus Removal Guidelines
Plot No 319, Nandpuri- B Pratap Nagar
Jaipur
Rajasthan 302033
Phone: +91 9799661866