The MEGA extension for Chrome steals cryptocurrency
The use of the official extensions file-sharing service MEGA for Chrome can threaten users with the loss of cryptocurrencies and sensitive data.
A Reddit user wrote the following:
After updating the Chrome extension has requested a new authorization, namely, to read data from all sites. It seemed to me suspicious, and I investigated the code of the extension. Your MEGA posting source code on GitHub, but no updates in the last time there was not. I think, or Google Webstore was hacked, or did someone inside MEGA.
A Twitter user under the nickname SerHack reported that the compromised solution is to steal usernames and passwords with portals, Microsoft, Google, Amazon and GitHub.
Later, an official review released the MEGA service, acknowledging the incident.
On 4 September 2018 at 17:30 GMT, an unknown hacker has uploaded a malicious version of the MEGA Google Chrome. After installation or automatic updates, the app asks to increase the permissions (read and modify data on all sites you visit). The present extension MEGA never did. In the list of sites also includes mymonero.com, myetherwallet.com, amazon.com, github.com, live.com, google.com (entering the store), idex.market and HTTP POST requests to other websites, transmitting the collected data on Ukrainian server.
Thus, it became known that, among other things, a malicious extension also collects a decentralized exchange ERC20-IDEX tokens, Ethereum-wallet MyEtherWallet and Monero wallet MyMonero.
The victim of this attack could only be the case if you installed the MEGA extension for Chrome at the time of the incident or not turned off auto update and agreed to provide additional extensions. Remember, if you did it for 5 hours while Google did not remove a malicious extension from Chrome extensions, your data should be considered compromised.
— adds MEGA
At the moment the MEGA extension in the Google Chrome is still not available.