The MEGA Chrome extension version 3.39.4 is in the news lately, after being compromised and able to steal Monero (XMR) from users – as well as other sensitive information about them and their profiles.
The cryptocurrency in question, Monero (XMR), has confirmed the malicious attempts on Twitter and Reddit and suggested that it can also steal sensitive data.
PSA: The official MEGA extension has been compromised and now includes functionality to steal your Monero: https://t.co/vzWwcM9E5k
— Monero || #xmr (@monero) September 4, 2018
Meanwhile, the MEGA Chrome extension was designed to reduce page loading times as well as provide a secure cloud storage service.
One user confirmed the hack’s ability to steal sensitive user data on Twitter, describing the process on how the extension catches the username and password.
!!! WARNING !!!!!!! PLEASE PAY ATTENTION!!
LATEST VERSION OF MEGA CHROME EXTENSION WAS HACKED.
Version: 3.39.4
It catches your username and password from Amazon, GitHub, Google, Microsoft portals!! It could catch #mega #extension #hacked@x0rz pic.twitter.com/TnPalqj1cz
— SerHack (@serhack_) September 4, 2018
Another Redditor with a handle u/gattacus spotted suspicious activities and decided to post on Monero’s official Reddit page, stating the following:
“There was an update to the extension and Chrome asked for new permission (read data on all websites). That made me suspicious and I checked the extension code locally (which is mostly javascript anyways). MEGA also has the source code of the extension on github […] There was no commit recently. To me it looks either their Google Webstore account was hacked or someone inside MEGA did this. Pure speculation though.”
This again confirms that Monero (XMR) is one of the easiest targets for cryptojackers – especially the ones interested in mining XMR by using profiles of people. A couple of months ago, DC Forecasts reported that 16 people were arrested in Japan for trying to mine Monero (XMR) from user’s machines through the practice of cryptojacking.
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]
Discussion about this post