Share This Post

Breaking News / Cryptocoins / Ethereum / Monero

Monero, Ethereum And More Stolen From Hacked MEGA Extension

A Chrome browser extension used in conjunction with MEGA, a popular file-sharing platform, was recently hacked and used to steal private keys, usernames and passwords from users, allowing hackers to steal Ethereum, Monero and more.

At approximately 11:30 EST last Tuesday, a Reddit user (gattacus) posted an alert within the Monero subreddit, cautioning users to avoid using v3.39.4 of the MEGA extension for Chrome because of fears it may have been hacked.

Gattacus explained that there had been a recent update to the extension which had asked them for new permission to “read data on all websites”. This aroused suspicion, causing the user to check the extension code.

The malware works by obtaining the necessary permissions during installation. Whenever the user then logged into any of a number of pre-determined sites, the malware would trigger. Analysis of the hacked code revealed that the following sites were being targeted:

• MyMonero.com
• MyEtherWallet.com
• IDEX.market
• Amazon.com
• Live.com
• Google.com
• GitHub.com

Once triggered, the code would collect user information which included passwords, usernames, private keys, email addresses and other session data. This information was then sent to a server thought to be in the Ukraine.

Despite the Chrome issue being a major concern, it should be pointed out that neither the Firefox MEGA extension nor the actual MEGA website itself have been affected by the hack.

Credit for discovering the issue is attributed to an Italian developer and contributor to Monero, who posts under the pseudonym SerHack.

A company spokesperson for MEGA acknowledged that the hack had happened and noted that it had updated the infected extension with a clean version (v3.39.5) and auto-updated any affected installations.

Meanwhile, Google removed the MEGA extension from its webstore and disabled it for existing users. At the time of going to press, clicking on a link for the extension currently brings up a ‘404: Page Not Found’ error.


Share This Post

Robert is a keen investor with a particular interest in cryptocurrencies. He has been involved in the industry for many years, and because of this, has gathered a lot of knowledge surrounding this area. He studied English at university level and has a passion for writing. He loves being able to combine his two mains interests on a daily basis.