Official Mega Chrome Extension Steals Users Logins and Crypto Wallet Private Keys
Chrome extension oc Mega.nz caught stealing passwords, cryptocurrency private keys
An Italian developer and contributor to the Monero Project, who goes online with alias- SherHack, have found that MEGA.nz Chrome extension version 3.39.4, had a malicious code behavior.
SherHack points that the official chrome extension of file sharing site Mega.nz, steals usernames and passwords from various sites and also private keys for cryptocurrency accounts.
The malicious code records all the necessary details for login i.e. Username and password or cookies etc.. Moreover it also grab private keys of cryptocurrency wallets, if users visit one of there Crypto wallet accounts.
All the collected data were send to a server located at megaopac[.]host, hosted in Ukraine.
At the mean time Google had removed the extension from Chrome store but if you like to get and check it then you can get from dropbox link.
At the same time, Firefox addon of the mega.nz is clear and no such behavior found.
Mega and Google, both of them is yet to comment on this.
Join the conversation