<link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3448621598664628523&zx=fbdef328-b03d-499b-a7bd-8e695f26ea35' media='none' onload='if(media!='all')media='all'' rel='stylesheet'/><noscript><link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3448621598664628523&zx=fbdef328-b03d-499b-a7bd-8e695f26ea35' rel='stylesheet'/></noscript>
<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>

<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1618281995222563&host=ca-host-pub-1556223355139109" crossorigin="anonymous"></script>

<!-- data-ad-client=ca-pub-1618281995222563 -->

<link rel="stylesheet" href="https://fonts.googleapis.com/css2?display=swap&family=Playfair+Display&family=Indie+Flower&family=Open+Sans&family=Poppins"></head><body>

Official Mega Chrome Extension Steals Users Logins and Crypto Wallet Private Keys

Chrome extension oc Mega.nz caught stealing passwords, cryptocurrency private keys

Admin

September 05, 2018

If you are using Mega.nz Chrome extension then, immediately remove it and also change all your online account passwords.
An Italian developer and contributor to the Monero Project, who goes online with alias- SherHack, have found that MEGA.nz Chrome extension version 3.39.4, had a malicious code behavior.

SherHack points that the official chrome extension of file sharing site Mega.nz, steals usernames and passwords from various sites and also private keys for cryptocurrency accounts.

According to an analysis of the extension's source, the malicious code triggered on sites such as Amazon, Google, Microsoft, GitHub, the MyEtherWallet and MyMonero web wallet services, and the IDEX cryptocurrency trading platform.

The malicious code records all the necessary details for login i.e. Username and password or cookies etc.. Moreover it also grab private keys of cryptocurrency wallets, if users visit one of there Crypto wallet accounts.

All the collected data were send to a server located at megaopac[.]host, hosted in Ukraine.

At the mean time Google had removed the extension from Chrome store but if you like to get and check it then you can get from dropbox link.

At the same time, Firefox addon of the mega.nz is clear and no such behavior found.

Mega and Google, both of them is yet to comment on this.

Read Also

Share:

You may like these posts Show all

Post a Comment

<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/517362887-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY43ju8LjePUO0rVVZ4cL3LpYlSspA:1713581394868';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d3448621598664628523','//www.cyberkendra.com/2018/09/official-mega-chrome-extension-steals.html','3448621598664628523');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '3448621598664628523', 'title': 'Cyber Kendra', 'url': 'https://www.cyberkendra.com/2018/09/official-mega-chrome-extension-steals.html', 'canonicalUrl': 'https://www.cyberkendra.com/2018/09/official-mega-chrome-extension-steals.html', 'homepageUrl': 'https://www.cyberkendra.com/', 'searchUrl': 'https://www.cyberkendra.com/search', 'canonicalHomepageUrl': 'https://www.cyberkendra.com/', 'blogspotFaviconUrl': 'https://www.cyberkendra.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': 'G-YN9DJXCC22', 'analytics4': true, 'encoding': 'UTF-8', 'locale': 'en', 'localeUnderscoreDelimited': 'en', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Cyber Kendra - Atom\x22 href\x3d\x22https://www.cyberkendra.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Cyber Kendra - RSS\x22 href\x3d\x22https://www.cyberkendra.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Cyber Kendra - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/3448621598664628523/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Cyber Kendra - Atom\x22 href\x3d\x22https://www.cyberkendra.com/feeds/5476126606283582889/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-1618281995222563', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': true, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/d86c8c5eadffdf93', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Share to Twitter', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': false, 'jumpLinkMessage': 'Read more', 'pageType': 'item', 'postId': '5476126606283582889', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3R38NYqyQuWvlE7iD9OOpHX9mGhdJ-7oNZ2_h15zO6JqW24nMVih3Wchx7dQ6X75XBAk9Vzkiw6WruPoM-Jo_TU1kX5W-Qx3CNexCflg989l2WiZTSZjzxQjYdmX1R_dkYuCayf8RCow/s72-c/bigefpfhnfcobdlfbedofhhaibnlghod-featured__01.jpg', 'postImageUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3R38NYqyQuWvlE7iD9OOpHX9mGhdJ-7oNZ2_h15zO6JqW24nMVih3Wchx7dQ6X75XBAk9Vzkiw6WruPoM-Jo_TU1kX5W-Qx3CNexCflg989l2WiZTSZjzxQjYdmX1R_dkYuCayf8RCow/s1600/bigefpfhnfcobdlfbedofhhaibnlghod-featured__01.jpg', 'pageName': 'Official Mega Chrome Extension Steals Users Logins and Crypto Wallet Private Keys ', 'pageTitle': 'Cyber Kendra: Official Mega Chrome Extension Steals Users Logins and Crypto Wallet Private Keys ', 'metaDescription': 'Chrome extension oc Mega.nz caught stealing passwords, cryptocurrency private keys'}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard!', 'ok': 'Ok', 'postLink': 'Post Link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Official Mega Chrome Extension Steals Users Logins and Crypto Wallet Private Keys ', 'description': 'Chrome extension oc Mega.nz caught stealing passwords, cryptocurrency private keys', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3R38NYqyQuWvlE7iD9OOpHX9mGhdJ-7oNZ2_h15zO6JqW24nMVih3Wchx7dQ6X75XBAk9Vzkiw6WruPoM-Jo_TU1kX5W-Qx3CNexCflg989l2WiZTSZjzxQjYdmX1R_dkYuCayf8RCow/s1600/bigefpfhnfcobdlfbedofhhaibnlghod-featured__01.jpg', 'url': 'https://www.cyberkendra.com/2018/09/official-mega-chrome-extension-steals.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 5476126606283582889}}, {'name': 'widgets', 'data': [{'title': 'Template Code (Do not disable)', 'type': 'HTML', 'sectionId': 'settings', 'id': 'HTML6'}, {'title': 'Cyber Kendra (Header)', 'type': 'Header', 'sectionId': 'header', 'id': 'Header1'}, {'title': 'Social Media Link', 'type': 'LinkList', 'sectionId': 'section', 'id': 'LinkList1'}, {'title': '', 'type': 'HTML', 'sectionId': 'header_bottom_widget', 'id': 'HTML3'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'main', 'id': 'Blog1', 'posts': [{'id': '5476126606283582889', 'title': 'Official Mega Chrome Extension Steals Users Logins and Crypto Wallet Private Keys ', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3R38NYqyQuWvlE7iD9OOpHX9mGhdJ-7oNZ2_h15zO6JqW24nMVih3Wchx7dQ6X75XBAk9Vzkiw6WruPoM-Jo_TU1kX5W-Qx3CNexCflg989l2WiZTSZjzxQjYdmX1R_dkYuCayf8RCow/s1600/bigefpfhnfcobdlfbedofhhaibnlghod-featured__01.jpg', 'showInlineAds': false}], 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'On'}, {'name': 'comments', 'label': 'Post a Comment'}, {'name': 'share', 'label': ''}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': ''}]}], 'allBylineItems': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'On'}, {'name': 'comments', 'label': 'Post a Comment'}, {'name': 'share', 'label': ''}, {'name': 'labels', 'label': ''}]}, {'title': 'Advertisement', 'type': 'HTML', 'sectionId': 'top_ads', 'id': 'HTML90'}, {'title': 'Advertisement', 'type': 'HTML', 'sectionId': 'middle_ads_2', 'id': 'HTML93'}, {'title': 'Advertisement', 'type': 'HTML', 'sectionId': 'matched_content_ads', 'id': 'HTML7'}, {'title': 'Trending!', 'type': 'PopularPosts', 'sectionId': 'sidebar', 'id': 'PopularPosts1', 'posts': [{'title': ' Pirate Bay Proxy List 2024: Unblock The Pirate bay33 [April Updated]', 'id': 7709902560608743927}, {'title': 'ExtraTorrents Proxy List 2024 To Unblock Extratorrent', 'id': 7687163451941064055}, {'title': '1337x Proxy List 2024: Your Guide to Safe and Legal Torrenting', 'id': 1078991593587710032}, {'title': 'Download ExaGear APK + obb - Windows Emulator for Android', 'id': 3731719425182612328}, {'title': 'Convert SQL Server to MySQL - Important Things to Consider', 'id': 1772728232949461230}, {'title': 'The Dos And Don\u2019ts Of Building Effective External Links', 'id': 2066265753436086049}]}, {'title': 'Table of Contents', 'type': 'HTML', 'sectionId': 'toc_auto', 'id': 'HTML8'}, {'title': 'Follow Us', 'type': 'LinkList', 'sectionId': 'footer_widgets', 'id': 'LinkList10'}]}]);
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML6', 'settings', document.getElementById('HTML6'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'header', document.getElementById('Header1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList1', 'section', document.getElementById('LinkList1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML3', 'header_bottom_widget', document.getElementById('HTML3'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'main', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML90', 'top_ads', document.getElementById('HTML90'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML93', 'middle_ads_2', document.getElementById('HTML93'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML7', 'matched_content_ads', document.getElementById('HTML7'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts1', 'sidebar', document.getElementById('PopularPosts1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML8', 'toc_auto', document.getElementById('HTML8'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList10', 'footer_widgets', document.getElementById('LinkList10'), {}, 'displayModeFull'));
</script>
</body>