Unknown Hacker Hijacked MEGA Chrome Extension to Steal User’s Passwords

[Sept 06, 2018]

The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users’ credentials for popular websites.

On 4 September, an unknown attacker managed to hack into MEGA’s Google Chrome web store account and upload a malicious version 3.39.4 of an extension to the web store.

Upon installation or auto-update, the malicious extension asked for elevated permissions to access personal information, allowing it to steal credentials from sites like Amazon, Github, and Google, along with online wallets such as MyEtherWallet and MyMonero, and Idex.market cryptocurrency trading platform.

The trojanized Mega extension then sent all the stolen information back to an attacker’s server located at megaopac[.]host in Ukraine, which is then used by the attackers to log in to the victims’ accounts, and also extract the cryptocurrency private keys to steal users’ digital currencies.

Cyber Security Tips: 

  • Users who had installed the malicious extension should uninstall the MEGA extension version 3.39.4 right now, and change passwords for all your accounts, especially for those you may have used while having the malicious extension.


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: