Yet another cyber attack has affected millions of users. The MEGA extension is a very popular extension in the Chrome Web Store that provides secure cloud storage to its users. But now that secure MEGA cloud storage is no longer secure.

Researchers discovered that version 3.39.4 of the extension had been compromised: attackers replaced the extension with a malicious version. Once the news spread, Google immediately decided to remove the extension.

On September 4, 2018, a group managed to hack the MEGA Chrome extension to reach its user base. Allegedly, they accessed MEGA’s Chrome Store profile and uploaded a malicious version of the tool, i.e., version 3.39.4. As it seemed legit, users would simply install it, approving all the permissions it asked for. After installation, the extension monitored for specific login form submissions to Amazon, Microsoft, GitHub, and Google.

1.6 million Users affected:


The infected extension obtained all its permissions from the user. With those permissions, it could inspect every login form the user visited. It also monitored any form submission where the URL contained the strings Register or Login, or where variables named “username”, “email”, “user”, “login”, “usr”, “pass”, “passwd”, or “password” existed. If a form contained any of these variables, the extension treated it as a login form and sent the input data to a host in Ukraine. In addition, the extension monitored URL patterns related to cryptocurrency.

If one of these patterns was detected, the extension executed JavaScript that attempted to steal the logged-in user's cryptocurrency private keys from these sites. More than 1.6 million users lost their login credentials and cryptocurrency details.
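For incident response, the form-matching criteria described above can be replayed over logged POST requests to decide which accounts need password resets first. This is an added example, not code from the extension or from MEGA; the record shape (`url`, `contentType`, `body`) and the case-insensitive matching are assumptions, and the sample records are constructed.

```javascript
// Added triage example: flags logged POST requests that meet the matching
// criteria the article describes, so those accounts are reset first.
// Assumptions: record shape {url, contentType, body}; case-insensitive matching.
const URL_MARKERS = ["register", "login"];
const FIELD_NAMES = new Set([
  "username", "email", "user", "login", "usr", "pass", "passwd", "password",
]);

// Return only the field *names* of a request body; values are never kept.
function fieldNames(contentType, body) {
  if (!body) return [];
  if (/json/i.test(contentType || "")) {
    try {
      const parsed = JSON.parse(body);
      return parsed && typeof parsed === "object" ? Object.keys(parsed) : [];
    } catch {
      return []; // malformed JSON: nothing to match on
    }
  }
  // Default: application/x-www-form-urlencoded
  return [...new URLSearchParams(body).keys()];
}

// Group matching requests by host and list why each host was flagged.
function triage(records) {
  const byHost = new Map();
  for (const rec of records) {
    let host;
    try { host = new URL(rec.url).hostname; } catch { continue; }
    const reasons = byHost.get(host) || new Set();
    const lowerUrl = rec.url.toLowerCase();
    for (const m of URL_MARKERS) if (lowerUrl.includes(m)) reasons.add(`url:${m}`);
    for (const n of fieldNames(rec.contentType, rec.body)) {
      if (FIELD_NAMES.has(n.toLowerCase())) reasons.add(`field:${n.toLowerCase()}`);
    }
    if (reasons.size > 0) byHost.set(host, reasons);
  }
  return [...byHost].map(([host, r]) => ({ host, reasons: [...r].sort() }));
}

// Constructed sample records (not real traffic).
const SAMPLE = [
  { url: "https://shop.example/account/Login", contentType: "application/x-www-form-urlencoded", body: "email=a%40b.c&pass=x" },
  { url: "https://api.example/session", contentType: "application/json", body: '{"username":"u","password":"p"}' },
  { url: "https://news.example/search", contentType: "application/x-www-form-urlencoded", body: "q=weather" },
];
```

`triage(SAMPLE)` returns one entry per flagged host with the reasons it matched; the search request is not flagged.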

Chrome removes Mega Extension:

MEGA confirmed that the breach affected only the users of version 3.39.4. As stated in their blog,

“You are only affected if you had the MEGA Chrome extension installed at the time of the incident, auto update enabled and you accepted the additional permission, or if you freshly installed version 3.39.4. Please note that if you visited any site or made use of another extension that sends plain-text credentials through POST requests, either by direct form submission or through a background XMLHttpRequest process (MEGA is not one of them) while the trojaned extension was active, consider that your credentials were compromised on these sites and/or applications.”

The extension was removed from the Chrome Web Store. The latest version of the MEGA extension has since appeared with the issue fixed, so the extension has made its way back to the Chrome Web Store. The latest version of the MEGA Chrome extension is 3.40.6, so you can download it and use it. But it’s better to stay safe.

