The internet is crazy about cryptocurrency right now, though to be fair, things were even crazier a year or so ago, when Bitcoin’s value was skyrocketing by the hour.
Nonetheless, there are ‘bad people’ who want to cash in on this craze. They are targeting people who are already mining Monero, buying it, or receiving payment in it. You see it in all manner of bad software that gets secretly installed on users’ devices to hijack the CPU and GPU to mine Monero, something that has since been christened cryptojacking.
Well, even your beloved Chrome browser is not spared. Reports are emerging that MEGA, a Chrome browser extension that works as a file sharing service, has been secretly stealing private keys and passwords to users’ crypto wallets. This was first reported by TorrentFreak.
To set the record straight, the perpetrators are not the developers behind the MEGA extension themselves. Rather, MEGA is the victim of hackers who have somehow managed to compromise the extension’s security and implanted a ‘Trojan Horse’ that they are using to steal the private keys and passwords.
After this information went public, the developers behind MEGA took pains to explain how their extension was being used by hackers to rob cryptocurrency miners, users, and traders. The hackers are said to have uploaded a malicious version of the MEGA extension to the Chrome Web Store. The compromised version was available at the Store for up to five hours before the alarm was raised and the extension was taken down.
Any user who ran the official installer during those five hours had their accounts compromised. Security experts say that the crypto services that seem to have been most affected include MyEtherWallet (MEW), MyMonero, and IDEX.
It appears that tech giants like Microsoft, Google, and Amazon were also targeted in these attacks, though there is no official communication regarding just how many accounts have been directly compromised.
The developers behind MEGA claim the hackers got in by hacking their official Google account. The attackers somehow used their official login to push the update, which was laced with malware that stole users’ cryptocurrency account details. They further said that the stolen data seems to be en route to a server located somewhere in Ukraine.
In an official press statement, the MEGA developers said:
“On September 4, 2018, at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA’s Chrome extension, version 3.39.4, to the Google Chrome Webstore. Upon installation or autoupdate, it would ask for elevated permissions (read and change all your data on the websites you visit) that MEGA’s real extension does not require.
Please note that if you visited any site or made use of another extension that sends plain-text credentials […] while the trojaned extension was active, consider that your credentials were compromised on these sites and/or applications.”
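The statement above says the trojaned update asked for a permission the real extension does not require. The following is an added example, not code from MEGA or from this article, showing how a defender could diff two versions of an extension manifest and flag an update that newly gains all-site access. The function names and both sample manifests are constructed for illustration and are not MEGA's real manifests.

```javascript
// Added example: flag an extension update whose manifest gains all-site access.
// These match patterns trigger Chrome's "Read and change all your data on the
// websites you visit" warning.
const ALL_SITES = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Collect every permission and host pattern a manifest declares.
// Covers Manifest V2 (hosts inside "permissions") and V3 ("host_permissions").
function declaredAccess(manifest) {
  const items = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  return new Set(items.filter((p) => typeof p === "string"));
}

// Compare two manifests: what does the update add, and does it newly
// gain access to every site when the previous version had none?
function diffAccess(oldManifest, newManifest) {
  const before = declaredAccess(oldManifest);
  const after = declaredAccess(newManifest);
  const added = [...after].filter((p) => !before.has(p)).sort();
  const hadAllSites = [...before].some((p) => ALL_SITES.has(p));
  const gainsAllSites = !hadAllSites && added.some((p) => ALL_SITES.has(p));
  return { added, gainsAllSites };
}

// Constructed sample manifests (hypothetical extension, placeholder versions).
const previous = {
  name: "example-extension",
  version: "1.0.0",
  permissions: ["storage", "https://example.invalid/*"],
};
const update = {
  name: "example-extension",
  version: "1.0.1",
  permissions: ["storage", "https://example.invalid/*", "webRequest", "<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }],
};

const report = diffAccess(previous, update);
console.log(report.gainsAllSites ? "HOLD update for review:" : "ok:", report.added);
```

A check like this fits in an enterprise allow-listing pipeline that pins extension versions and only approves an update after its manifest diff has been reviewed.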