Follow Us on WhatsApp | Telegram | Google News

Official Mega Chrome Extension Steals Users Logins and Crypto Wallet Private Keys

Table of Contents
If you are using Chrome extension then, immediately remove it and also change all your online account passwords.
An Italian developer and contributor to the Monero Project, who goes online with alias- SherHack, have found that Chrome extension version 3.39.4, had a malicious code behavior.

SherHack points that the official chrome extension of file sharing site, steals usernames and passwords from various sites and also private keys for cryptocurrency accounts.

According to an analysis of the extension's source, the malicious code triggered on sites such as Amazon, Google, Microsoft, GitHub, the MyEtherWallet and MyMonero web wallet services, and the IDEX cryptocurrency trading platform.

The malicious code records all the necessary details for login i.e. Username and password or cookies etc.. Moreover it also grab private keys of cryptocurrency wallets, if users visit one of there Crypto wallet accounts.

All the collected data were send to a server located at megaopac[.]host, hosted in Ukraine.

At the mean time Google had removed the extension from Chrome store but if you like to get and check it then you can get from dropbox link.
At the same time, Firefox addon of the is clear and no such behavior found. 

Mega and Google, both of them is yet to comment on this. 
Read Also
Post a Comment