Warning! If you are using the Chrome browser extension from the MEGA file storage service, uninstall it right now.
The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users' credentials for popular websites like Amazon, Microsoft, Github, and Google, as well as private keys for users' cryptocurrency wallets.
On 4 September at 14:30 UTC, an unknown attacker managed to hack into MEGA's Google Chrome web store account and upload a malicious version 3.39.4 of the extension to the web store, according to a blog post published by the company.
Malicious MEGA Chrome Extension Steals Passwords
Upon installation or auto-update, the malicious extension asked for elevated permissions to access personal information, allowing it to steal credentials from sites like Amazon, Github, and Google, along with online wallets such as MyEtherWallet and MyMonero, and the Idex.market cryptocurrency trading platform.
The trojanized MEGA extension then sent all the stolen information back to an attacker's server located at megaopac[.]host in Ukraine, which the attackers then used to log in to the victims' accounts and to extract the cryptocurrency private keys to steal users' digital currencies.
"You are only affected if you had the MEGA Chrome extension installed at the time of the incident, autoupdate enabled, and you accepted the additional permission, or if you freshly installed version 3.39.4," the company warned.
The company also said Google disallowed publishers from signing their Chrome extensions and is instead now relying solely on signing them automatically after the extension is uploaded, which makes it easier for hackers to push new updates the same way developers do.
The official Twitter account of Monero (XMR) also posted a warning about the incident, saying that the malicious MEGA extension also includes functionality to steal Monero cryptocurrency and advising Monero holders to stay away from the extension.
A security researcher, who first reported the breach, also posted a warning on Reddit and Twitter, advising users to avoid the trojanized MEGA extension.
Although the company has not revealed the number of users affected by the security incident, it is believed that the malicious version of the MEGA Chrome extension may have been installed by tens of millions of users.
What MEGA Users Should Do Next?
The Firefox version of MEGA has not been impacted or tampered with, and users accessing MEGA through its official website (https://mega.nz) without the Chrome extension are also not affected by the breach.
Four hours after the security breach, the company learned of the incident and updated the extension with a clean MEGA version (3.39.5), auto-updating all the affected installations.
Google also removed the MEGA extension from its Chrome Web Store five hours after the breach.
However, users should consider their credentials compromised on the websites and applications they visited while the trojanized MEGA Chrome extension was active.
"Please note that if you visited any site or made use of another extension that sends plain-text credentials through POST requests, either by direct form submission or through a background XMLHttpRequest process (MEGA is not one of them) while the trojaned extension was active, consider that your credentials were compromised on these sites and/or applications," the company said.
The Bottom line:
Users who had installed the malicious extension should uninstall MEGA extension version 3.39.4 right now and change the passwords for all their accounts, especially those they may have used while the malicious extension was installed.
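To turn MEGA's guidance about POST requests into a password-reset list, the following added example (not from the article or from MEGA) triages web proxy logs: it finds clients that contacted the attacker's server and lists the sites they sent POST requests to while the extension was exfiltrating. The log format, the sample lines and the year 2018 are assumptions, and it presumes a proxy that records the HTTP method (for HTTPS, one that inspects TLS).

```python
from datetime import datetime, timezone

# IoC domain from the article, kept defanged in source and refanged for matching.
IOC_HOST = "megaopac[.]host".replace("[.]", ".")
# The article gives "4 September at 14:30 UTC" without a year; 2018 is assumed.
INCIDENT_START = datetime(2018, 9, 4, 14, 30, tzinfo=timezone.utc)

# Constructed proxy log (hypothetical format): ISO-time client method host
SAMPLE_LOG = """\
2018-09-04T13:50:02Z 10.0.0.7 POST accounts.example.com
2018-09-04T15:01:10Z 10.0.0.7 POST login.example.org
2018-09-04T15:01:11Z 10.0.0.7 POST megaopac.host
2018-09-04T15:20:45Z 10.0.0.7 GET news.example.net
2018-09-04T16:05:30Z 10.0.0.7 POST wallet.example.io
2018-09-04T16:05:31Z 10.0.0.7 POST megaopac.host
2018-09-04T17:40:00Z 10.0.0.7 POST shop.example.com
2018-09-04T15:30:00Z 10.0.0.9 POST login.example.org
"""

def parse(line):
    ts, client, method, host = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, client, method.upper(), host.lower().rstrip(".")

def is_ioc(host):
    return host == IOC_HOST or host.endswith("." + IOC_HOST)

def triage(log_text):
    """Map each client that contacted the IoC host to the sites whose
    POSTed credentials should be treated as compromised."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    # Last contact with the attacker's server bounds the active period per client.
    last_beacon = {}
    for when, client, _, host in events:
        if when >= INCIDENT_START and is_ioc(host):
            last_beacon[client] = max(when, last_beacon.get(client, when))
    exposed = {client: set() for client in last_beacon}
    for when, client, method, host in events:
        end = last_beacon.get(client)
        if end is None or method != "POST" or is_ioc(host):
            continue
        if INCIDENT_START <= when <= end:
            exposed[client].add(host)
    return {client: sorted(hosts) for client, hosts in exposed.items()}

if __name__ == "__main__":
    for client, hosts in triage(SAMPLE_LOG).items():
        print(client, "-> rotate credentials for:", ", ".join(hosts))
```

Bounding the window by the last observed contact is a lower bound; where log coverage is incomplete, extend it to the time the client received version 3.39.5 or the extension was removed.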