A popular Google Chrome extension for file-sharing service MEGA has been compromised by a group of hackers who managed to steal users' private keys, usernames, and passwords.
On September 4, a researcher named SerHack was the first one to post a warning via Twitter mentioning the hacked extension. He noticed that the tool potentially harvested user credentials from diverse platforms, including Microsoft, GitHub, Google, Amazon, MyEtherWallet, MyMonero, IDEX.market, and Live.
The hacker uploaded the malicious version of the browser extension, i.e., version 3.39.4, in an attempt to gain access to different websites. The passwords were then sent to a Ukraine-based server.
MEGA has released a statement and confirmed the hack: “On 4 September 2018 at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA’s Chrome extension, version 3.39.4, to the Google Chrome Webstore. Upon installation or autoupdate, it would ask for elevated permissions (Read and modify all your information on the websites you visit) that MEGA’s real extension does not require and would (if permissions were granted) exfiltrate credentials for sites including amazon.com, live.com, github.com, google.com (for webstore login), myetherwallet.com, mymonero.com, idex.market and HTTP POST requests to other sites, to a server located in Ukraine. Note that mega.nz credentials were not being exfiltrated.”
However, MEGA has blamed Google for this incident, as Google has removed publisher signatures on Chrome extensions, making it easier for hackers to attack.
“We would like to apologize for this significant incident. MEGA uses strict release procedures with multi-party code review, robust build workflow and cryptographic signatures where possible. Unfortunately, Google decided to disallow publisher signatures on Chrome extensions and is now relying exclusively on signing them automatically after upload to the Chrome webstore, which removes an important barrier to external compromise.”
“MEGAsync and our Firefox extension are signed and hosted by us and could thus not have fallen victim to this attack vector. While our mobile apps are hosted by Apple/Google/Microsoft, they are cryptographically signed by us and thus immune as well.”
The best way to stay safe from this kind of attack is to not download any extension you won’t need.
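
MEGA's statement notes that the trojaned update asked for elevated permissions that the real extension does not require. As an added example (not code from MEGA or from the original article), the following Node.js script compares the manifests of two versions of an extension and flags an update that newly requests access to all websites. The manifests, version numbers and the `example-vendor.test` domain are constructed for illustration.

```javascript
// Added example: flag an extension update that newly requests access to all sites.
// The manifests below are constructed samples, not the real MEGA manifests.

// Match patterns that grant access to every website.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Collect every permission string a manifest requests (MV2 and MV3 field names),
// including the match patterns of its content scripts.
function requestedPermissions(manifest) {
  const fromContentScripts = (manifest.content_scripts || [])
    .flatMap((cs) => cs.matches || []);
  return new Set([
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...fromContentScripts,
  ]);
}

// Compare two versions and report what the update adds.
function diffPermissions(oldManifest, newManifest) {
  const before = requestedPermissions(oldManifest);
  const added = [...requestedPermissions(newManifest)]
    .filter((p) => !before.has(p))
    .sort();
  const broad = added.filter((p) => BROAD_HOSTS.has(p));
  return { added, broad, escalated: broad.length > 0 };
}

// Constructed sample: previous version limited to the vendor's own domain.
const previousVersion = {
  manifest_version: 2,
  version: "1.0.0",
  permissions: ["storage", "*://example-vendor.test/*"],
};

// Constructed sample: update that adds webRequest and all-site access.
const updatedVersion = {
  manifest_version: 2,
  version: "1.0.1",
  permissions: ["storage", "*://example-vendor.test/*", "webRequest", "<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }],
};

const report = diffPermissions(previousVersion, updatedVersion);
console.log(JSON.stringify(report, null, 2));
```

An `escalated: true` result on an update is a reason to hold the new version back and review it before it reaches users' browsers.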