MEGA Chrome Extension Compromised to Steal Users’ Monero

Published at: Sept. 5, 2018

Version 3.39.4 of the MEGA Chrome extension has been compromised and can now steal users’ Monero in addition to other sensitive information, according to recent posts on Twitter and Reddit. The MEGA Chrome extension is a tool that claims to improve browser performance by reducing page loading times, in addition to providing a secure cloud storage service.

The official Twitter account of Monero (XMR) posted a warning, advising XMR holders to steer clear of MEGA.

PSA: The official MEGA extension has been compromised and now includes functionality to steal your Monero: https://t.co/vzWwcM9E5k

— Monero || #xmr (@monero) September 4, 2018

Another user tweeted that, in addition to Monero, the extension could also steal sensitive user data. 

!!! WARNING !!!!!!! PLEASE PAY ATTENTION!! LATEST VERSION OF MEGA CHROME EXTENSION WAS HACKED. Version: 3.39.4 It catches your username and password from Amazon, GitHub, Google, Microsoft portals!! It could catch #mega #extension #hacked @x0rz pic.twitter.com/TnPalqj1cz

— SerHack (@serhack_) September 4, 2018

Redditor u/gattacus posted on Monero’s official Reddit page that they became suspicious of foul play when an extension update requested a new permission:

“There was an update to the extension and Chrome asked for new permission (read data on all websites). That made me suspicious and I checked the extension code locally (which is mostly javascript anyways). MEGA also has the source code of the extension on github […] There was no commit recently. To me it looks either their Google Webstore account was hacked or someone inside MEGA did this. Pure speculation though.”
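The signal described in that post, a new "read data on all websites" permission appearing after an update, can be checked by comparing the manifest of the installed version with that of the update. The following is an added example, not code from the article, from MEGA or from the Reddit post; the function names and both manifests are constructed for illustration and do not reproduce the real extension's files.

```javascript
// Added example: flag host-permission escalation between two versions of an
// extension manifest. Both manifests below are constructed sample data.

// Match patterns that give an extension access to every site.
const BROAD_PATTERNS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Collect every permission string a manifest requests (MV2 and MV3 fields),
// including the match patterns of its content scripts.
function requestedPermissions(manifest) {
  const out = new Set();
  for (const key of ["permissions", "host_permissions"]) {
    for (const p of manifest[key] || []) {
      if (typeof p === "string") out.add(p);
    }
  }
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) out.add(m);
  }
  return out;
}

// Return what the new version asks for that the old one did not.
function diffPermissions(oldManifest, newManifest) {
  const before = requestedPermissions(oldManifest);
  const added = [...requestedPermissions(newManifest)].filter((p) => !before.has(p)).sort();
  return {
    added,
    broadAccessAdded: added.filter((p) => BROAD_PATTERNS.has(p)),
  };
}

// Constructed manifests for a hypothetical extension (not MEGA's real files).
const OLD_MANIFEST = {
  name: "Example Extension",
  version: "1.0.0",
  permissions: ["storage", "https://example.com/*"],
};
const NEW_MANIFEST = {
  name: "Example Extension",
  version: "1.0.1",
  permissions: ["storage", "webRequest", "https://example.com/*", "<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }],
};

const report = diffPermissions(OLD_MANIFEST, NEW_MANIFEST);
console.log(JSON.stringify(report, null, 2));
```

A non-empty `broadAccessAdded` list is the case worth holding an update for until the new code has been reviewed.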

At press time, the MEGA Chrome extension was unavailable for download on the Chrome Webstore. Clicking the link for the extension resulted in a 404 error.

XMR, which — despite some claims to the contrary — is lauded as a private and “untraceable” cryptocurrency, has been the target of illicit and illegal activities in the crypto space.

In several instances, cryptojackers have used the computer power of web visitors to secretly mine XMR. In June, a McAfee report found 2.9 million samples of coin miner malware, which works by using Coinhive code — a program designed to mine XMR on a web browser.

In September last year, Cointelegraph reported that a group of Russian hackers installed crypto mining malware on 9,000 computers over the course of two years. The hackers were hijacking machines to mine XMR and Zcash (ZEC), among other cryptocurrencies. Total earnings were estimated to be $209,000 for Monero alone.

XMR is the tenth biggest cryptocurrency, with a market capitalization of over $2 billion at press time. The cryptocurrency is currently trading at over $138, having gained 0.47 percent over the last 24 hours, according to CoinMarketCap.
