Chrome extension MEGA is a Trojan horse that steals your Cryptocurrency when installed

The internet is crazy right now about cryptocurrency. Though to be fair, things were more crazy about cryptos a year or so ago, when Bitcoin’s value was skyrocketing by the hour.

Nonetheless, ‘bad people’ who want to cash in on this craze. They are targeting people already deep mining themselves some Monero; or maybe buying them or receiving payment through them. You see it in all manner of bad software that gets secretly installed on users’ device to hijack the CPU and GPU to mine these Monero. Something that has since been christened Cryptojacking


Well, even your beloved browser Chrome is not spared either. There are reports arising pointing at MEGA, a Chrome browser extension that works as a file sharing service has been secretly stealing private keys and passwords to users’ Crypto wallets. It was first reported so by TorrentFreak.

To set the record straight, the perpetrators are not the developers behind the MEGA extension themselves. Rather, MEGA is the victim of hackers who have somehow managed to compromise the extension’s security and implanted a ‘Trojan Horse’ that they are using to steal the private keys and passwords.

After this information went public, the developers behind MEGA took the pain to explain how their extension was being used by hackers to robe from cryptocurrency miners, users, and traders. The hackers are said to have uploaded a malicious version of the MEGA extension to the Chrome Web Store. The compromised version was available at the Store for up to five hours before the alarm was raised and the extension was taken down.

Any user who ran the official installer during those five hours had their accounts compromised. Security experts say that the crypto services that seems to have been most affected include MyEtherWallet (MEW), MyMonero, and IDEX.

It also appears that tech giants like Microsoft, Google, and Amazon were also targeted in these attacks. Though there is no official communication with regards to just how many accounts have been directly compromised.

The developers behind MEGA claim the hackers got in by hacking their official Google account. The attackers somehow used their official login to push the update, which was laced with malware that stole user cryptocurrency accounts details. They further said that the data stolen seems to be en route to a server located somewhere in Ukraine.

In an official press statement, the MEGA developers said:

On September 4, 2018, at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA’s Chrome extension, version 3.39.4, to the Google Chrome Webstore. Upon installation or autoupdate, it would ask for elevated permissions (read and change all your data on the websites you visit) that MEGA’s real extension does not require.

Please note that if you visited any site or made use of another extension that sends plain-text credentials […] while the trojaned extension was active, consider that your credentials were compromised on these sites and/or applications.”

Felix Omondi

Kenyan citizen with a passion for writing for as long as I can remember. In my spare time, I like to blog and read up on trends that's happening around the world.

Recent Posts

How to Develop a WordPress Theme Using Bootstrap

Image by 200 Degrees from Pixabay It's no secret that computers and laptops have faded…

2 days ago

Dominate The Local Market: 6 Tips for Small Businesses

Image Credit Indeed, small businesses don't have the same capabilities and resources to compete with…

3 days ago

8 Ways to Transform Your Wellness Routine

Image from Clker Free Vector Images on Pixabay  At the start of the new year,…

3 days ago

Now that Sports Betting is Legal in the USA, Will Online Casinos Follow?

Source: Unsplash.com The sports betting craze has spread through the USA like wildfire and there are…

3 days ago

Finding the Right Company for Your Business GRC Solutions

Image Credit: Pixabay.com As a business, it is important to consider tools and solutions for…

3 days ago

Why is PPC Important for Digital Marketing Strategies?

Image by GraphicMama-team on Pixabay As the world of digital marketing continues to evolve, so…

3 days ago