
Monero recently announced that the official MEGA Chrome extension had been compromised and is stealing passwords and crypto wallet addresses from users.
It seems that the latest version of the MEGA Chrome extension has been hacked and now lets cryptojackers access saved passwords and usernames from Amazon, Google, GitHub, and Microsoft portals as well.
MEGA Chrome extension, unavailable for download at the moment
The Chrome extension was supposed to provide a secure cloud storage service that can improve browser performance by reducing the loading times.
The extension is currently not available for download from the Chrome Web Store.
When using Monero, the sender's address and the transaction amount are hidden.
Every transaction made on the Monero network goes through a secret address that cannot be linked to the first sender.
Although Monero claims to be a private and untraceable token, cryptojackers have on several occasions been able to secretly mine XMR with the computing power of web visitors.
Riccardo Spagni, aka fluffypony, the Lead Maintainer of Monero, said on Twitter, “Confirmed that it also extracts private keys if you log in to MyMonero and/or MyEtherWallet in a browser with the extension installed.”
MyEtherWallet.com, which is an open-source cryptocurrency wallet for ERC20 tokens, also had something to say:
https://twitter.com/myetherwallet/status/1037047371564122112
Recommendations
It seems that the MEGA Chrome extension source code has not been updated for a few months, which suggests that the account responsible for updating the version given to Google has been compromised.
Viable recommendations include uninstalling the MEGA Chrome extension immediately and changing all critical passwords.
Users are also advised to transfer funds from the accounts which could have been compromised.
MEGA Chrome extension version 3.39.4 was mainly affected, and all the collected data was being sent to one server.
The only “good” news is that it seems that this problem was limited to Google Chrome, as the Mozilla Firefox version had not been compromised.
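A check for the affected version named above, as an added example that is not part of the original article or MEGA's own code: it walks a Chrome user data directory and reports installs whose manifest version is 3.39.4. Matching on a display name containing "MEGA" is an assumption, and the extension IDs and the 0.0.1 version in the sample tree are constructed placeholders.

```python
import json
import tempfile
from pathlib import Path

AFFECTED_VERSION = "3.39.4"  # version named in the article
NAME_HINT = "mega"           # assumption: the extension's display name contains "MEGA"

def display_name(ext_dir, manifest):
    """Resolve the manifest name, following a __MSG_key__ locale reference."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    msgs = ext_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        messages = json.loads(msgs.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # locale file missing or damaged: keep the raw name
    for key, entry in messages.items():  # message keys are case-insensitive
        if key.lower() == name[6:-2].lower():
            return entry.get("message", name)
    return name

def find_affected(user_data_dir):
    """Scan <user data dir>/<profile>/Extensions/<id>/<version dir>/manifest.json."""
    hits = []
    for mf in sorted(Path(user_data_dir).glob("*/Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or damaged manifest
        name = display_name(mf.parent, manifest)
        if manifest.get("version") == AFFECTED_VERSION and NAME_HINT in name.lower():
            hits.append((mf.parts[-5], mf.parts[-3], name))  # (profile, id, name)
    return hits

def demo():
    root = Path(tempfile.mkdtemp())
    samples = [  # constructed profile tree; IDs and version 0.0.1 are placeholders
        ("Default", "placeholder-id-a", {"name": "__MSG_appName__", "default_locale": "en", "version": "3.39.4"}),
        ("Default", "placeholder-id-b", {"name": "Other Extension", "version": "3.39.4"}),
        ("Profile 1", "placeholder-id-a", {"name": "MEGA", "version": "0.0.1"})]
    for profile, ext_id, manifest in samples:
        d = root / profile / "Extensions" / ext_id / (manifest["version"] + "_0")
        (d / "_locales" / "en").mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest))
        (d / "_locales" / "en" / "messages.json").write_text(json.dumps({"appName": {"message": "MEGA"}}))
    return find_affected(root)

if __name__ == "__main__":
    print(demo())
```

To scan a real machine, pass the Chrome user data directory to `find_affected`; a hit only shows that the affected version is present on disk.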