MEGA Chrome Extension Hacked to Steal Private Keys

MEGA Chrome Extension Hacked to Steal Private Keys

MEGA Chrome extension, a tool that reduces page loading times and provides cloud storage services has been compromised, according to recent reports. The official Twitter account of the anonymous Monero (XMR) digital currency has warned its users to avoid using the extension, as doing so would put their tokens in danger of being stolen.

Other members of crypto Twitter were soon to follow with their own reports, as not only tokens but other sensitive information, such as usernames and passwords was at risk for those who were unfortunate enough to update their MEGA Chrome extension.

The 3.39.4 version of the extension was the one breached by hackers and a notable Monero developer confirmed these claims, warning his followers that both XMR and ETH private keys could be stolen with the updated software.

MEGA was pretty fast to react, implementing a fix (version 3.39.5) four hours after the breach was first reported. The company placed some of the blame on Google in the official blog post, saying that, “We would like to apologize for this significant incident. MEGA uses strict release procedures with multi-party code review, robust build workflow and cryptographic signatures where possible. Unfortunately, Google decided to disallow publisher signatures on Chrome extensions and is now relying solely on signing them automatically after upload to the Chrome webstore, which removes an important barrier to external compromise.“

The MEGA team also confirmed it was looking into the incident and trying to determine those behind the attack.

According to one Reddit user, he became wary after updating the software, after a request for new permission. u/gattacus went into more detail before saying that, “To me it looks either their Google Webstore account was hacked or someone inside MEGA did this. Pure speculation though.“

The extension is unavailable in the Chrome Store at press time and has been temporarily disabled for users who have already installed it.

This is not the first time of hackers turning to browser extensions to illicitly obtain virtual currencies. A Chrome extension of the popular VPN service Hola was hacked a couple of months ago. Users, who updated their VPN service during the five hours of vulnerability, exposed their MyEtherWallet information and activity after being redirected to a fake website by the hackers. Last year, a group of Russian hackers infected over 9,000 computers with crypto mining malware. Unsuspecting users mined XMR, Zcash and a number of other privacy-oriented tokens.

Image Source: “Flickr”

Leave a Reply

Your email address will not be published. Required fields are marked *