HomeLatest NewsCyber SecurityMega chrome extension replaced with cryptocurrency-stealing malware
Cyber Security

Mega chrome extension replaced with cryptocurrency-stealing malware

Sanjay Singh
By Sanjay Singh
Updated On
Listen . 1 min
Make us preferred on Google

The attacks happened on September 4, 2018, when MEGA Chrome extension was updated to version 3.39.4 on the Google Chrome Web Store.

Mega chrome extension replaced with cryptocurrency-stealing malware
(Representative Image)
Preferred Source of Google

Exclusive

The chrome extension of Mega.nz file hosting and sharing service has been compromised by an unknown attacker who uploaded a malicious version of MEGA’s Chrome extension, version 3.39.4, to the Google Chrome web store, reported various news portal.

According to reports, the attacks happened on September 4, 2018, when MEGA’s Chrome extension was updated to version 3.39.4 on the Google Chrome Web Store. The malicious version is capable of stealing users’ credentials for popular websites like Amazon, , Github, and Google, as well as private keys for users’ wallets.

Upon installation or auto-update, Mega would ask users to allow additional permission that would allow it to steal credentials from sites like Amazon, Github, and Google, along with online wallets such as MyEtherWallet and MyMonero.

Advertisement
EVENT
Saksham Bharat 2026
Saksham Bharat 2026
A multi-stakeholder dialogue on skilling gap in Cybersecurity, Data Resilience and AI — and the roadmap to a Saksham Bharat.
📅 Tue, 26 May 2026
📍 Mumbai, Bengaluru, Delhi
Register Now →
EVENT
VeeamON 2026 Tour India - Mumbai
VeeamON 2026 Tour India - Mumbai
A VeeamON 2026 India Leadership Series Mumbai for senior public sector and government technology leaders.
📅 Tue, 26 May 2026
📍 Grand Hyatt, BKC
Register Now →
EVENT
Cyber Surakshit Uttar Pradesh
Cyber Surakshit Uttar Pradesh
Find out strategies, frameworks and solutions for building a resilient and secure digital ecosystem across Uttar Pradesh.
📅 Thu, 28 May 2026
📍 Lucknow
Register Now →
EVENT
VeeamON 2026 Tour India - Bengaluru
VeeamON 2026 Tour India - Bengaluru
A VeeamON 2026 India Leadership Series Bengaluru for senior public sector and government technology leaders.
📅 Wed, 03 Jun 2026
📍 JW Marriott Hotel
Register Now →
EVENT
VeeamON 2026 Tour India - Delhi
VeeamON 2026 Tour India - Delhi
A VeeamON 2026 India Leadership Series Delhi for senior public sector and government technology leaders.
📅 Fri, 19 Jun 2026
📍 Shangri-La Eros
Register Now →
EVENT
Infosec Reimagined
Infosec Reimagined
Infosec Reimagined 2026 is the premier information security summit where top leaders—CISOs, CROs, CIOs, CTOs and risk executives—converge to redefine cyber resilience.
📅 Fri, 26 Jun 2026
📍 New Delhi
Register Now →
EVENT
Digital Senate
Digital Senate
Digital Senate is a premier conference uniting government leaders, technologists and innovators to share ideas, success stories and strategies on digital governance, public sector transformation, cybersecurity and emerging technologies in India.
📅 Thu, 30 Jul 2026
📍 New Delhi
Register Now →
EVENT
CIO Prism
CIO Prism
CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.
📅 Fri, 18 Sep 2026
📍 Goa
Register Now →

If users had accepted the additional permissions or had auto-update enabled the malicious version will get downloaded thus compromising the entire personal information of the users.

According to the researchers, only those users are affected who already had the MEGA Chrome extension installed at the time of the incident, auto update enabled, and they accepted the additional permission, or if users had freshly installed version 3.39.4.

How to stay safe?

Advertisement

Users who had installed the malicious extension should uninstall the MEGA extension version 3.39.4 asap, and change passwords for all their accounts, especially for those who may have used while having the malicious extension.

“This is not the first time that hackers have replaced the code of legitimate apps via hacking the vendor itself. Even Microsoft’s CCleaner was a victim of a similar attack same time last year. What was much devious this time was chrome updates happen automatically although if the update revises the permissions like in this case, the user is prompted to agree to the new permissions,” said Ankush Johar, Director at Ventures.

He added that Chrome plugins have become an extremely common attack vector and users are suggested to stay vigilant while downloading extensions. “Many malware nowadays, inject malicious chrome plugins to spread ads and steal user data hence users are advised to regularly check the extensions installed in their browser by going to Settings,” he said.

ALSO READ

Get the day's headlines from Tech Observer straight in your inbox

By subscribing you agree to our Privacy Policy, T&C and consent to receive newsletters and other important communications.
Make us preferred on Google
Sanjay Singh
Sanjay Singh
Sanjay Singh covers startups, consumer electronics and telecom for TechObserver.in
- Advertisement -
Powered By Veeam Logo
- Advertisement -

Subscribe to our Newsletter

By subscribing you agree to our Privacy Policy, T&C and consent to receive newsletters and other important communications.
- Advertisement -

Latest in TECH

Mohd Ujaley

AI agents break legacy security models, Veeam CEO warns at VeeamON

Veeam Software CEO Anand Eswaran says zero-trust security models built for human users have broken down as autonomous AI agents move inside enterprises at machine speed, and that recovery, identity and data governance can no longer be treated as separate problems.

RELATED ARTICLES