extension replaced with cryptocurrency-stealing malware

The attacks happened on September 4, 2018, when the MEGA Chrome extension was updated to version 3.39.4 on the Google Chrome Web Store.

The Chrome extension of the Mega.nz file hosting and sharing service has been compromised by an unknown attacker, who uploaded a malicious version of MEGA’s Chrome extension, version 3.39.4, to the Google Chrome Web Store, various technology news portals reported.

According to reports, the attacks happened on September 4, 2018, when MEGA’s Chrome extension was updated to version 3.39.4 on the Google Chrome Web Store. The malicious version is capable of stealing users’ credentials for popular websites like Amazon, Microsoft, GitHub, and Google, as well as private keys for users’ cryptocurrency wallets.

Upon installation or auto-update, the extension would ask users to grant additional permissions that would allow it to steal credentials from sites like Amazon, GitHub, and Google, along with online wallets such as MyEtherWallet and MyMonero.

If users accepted the additional permissions or had auto-update enabled, the malicious version was downloaded, compromising all of the users’ personal information.

According to the researchers, the only users affected are those who already had the extension installed at the time of the incident, had auto-update enabled, and accepted the additional permission, or those who freshly installed version 3.39.4.

How to stay safe?

Users who installed the malicious extension should uninstall MEGA extension version 3.39.4 as soon as possible and change the passwords for all their accounts, especially those they may have used while the malicious extension was installed.

“This is not the first time that hackers have replaced the code of legitimate apps via hacking the vendor itself. Even Microsoft’s CCleaner was a victim of a similar attack at the same time last year. What was much more devious this time was that Chrome updates happen automatically, although if the update revises the permissions, like in this case, the user is prompted to agree to the new permissions,” said Ankush Johar, Director at Infosec Ventures.

He added that Chrome plugins have become an extremely common attack vector and users are advised to stay vigilant while downloading extensions. “Many malware nowadays inject malicious Chrome plugins to spread ads and steal user data, hence users are advised to regularly check the extensions installed in their browser by going to Settings,” he said.
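
The advice above to review installed extensions, as an added example that is not from the original article, MEGA or Google: Python code that diffs the access two manifest versions request and scans a Chrome profile's Extensions directory for the version named in the article. The sample manifests, the function names and the name-based match are assumptions.

```python
import json
from pathlib import Path

# Host patterns that grant access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def requested_access(manifest):
    """Collect API and host permissions from a manifest (MV2 and MV3 keys)."""
    access = set()
    for key in ("permissions", "host_permissions"):
        access.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        access.update(script.get("matches", []))
    return access

def permission_escalation(old, new):
    """Return what an update newly requests, and which of it is site-wide."""
    added = requested_access(new) - requested_access(old)
    return {"added": sorted(added), "broad": sorted(added & BROAD_HOSTS)}

def audit_profile(extensions_dir, name_hint="mega", bad_version="3.39.4"):
    """Scan <extensions_dir>/<id>/<version dir>/manifest.json in a Chrome profile.

    Matching on the manifest name is an assumption; a manifest may hold a
    localisation placeholder instead of the display name.
    """
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        manifest = json.loads(path.read_text(encoding="utf-8"))
        name, version = manifest.get("name", ""), manifest.get("version", "")
        findings.append({
            "id": path.parent.parent.name,
            "name": name,
            "version": version,
            "broad": sorted(requested_access(manifest) & BROAD_HOSTS),
            "flagged": name_hint in name.lower() and version == bad_version,
        })
    return findings

# Constructed sample manifests (not the real MEGA manifests; 1.0.0 is a placeholder).
OLD = {"name": "MEGA", "version": "1.0.0", "permissions": ["storage", "*://mega.nz/*"]}
NEW = {"name": "MEGA", "version": "3.39.4",
       "permissions": ["storage", "*://mega.nz/*", "webRequest", "<all_urls>"]}

if __name__ == "__main__":
    print(permission_escalation(OLD, NEW))
```

Point `audit_profile` at the `Extensions` directory of a Chrome profile; any entry with `flagged` set matches the version the article says to uninstall.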
