Hackers Steal Information From Using MEGA Add-On
The hack alert was issued by a Reddit user with Monero later confirming that the extension had been accessed with unauthorized individuals.
Hackers Access Data Using MEGA Chrome Browser
On Tuesday, it emerged that the MEGA Chrome extension was hacked. The information about the hack was shared by a user on Reddit under. According to the user, he suspected that something was wrong once he received an update from the extension requesting for permission.
He made a follow-up and it emerged that there was no commit on the extension. He noted that since everything appeared fine, he suspected that the webstore might have been hacked or a MEGA insider might have done something wrong.
Immediately the information was, Moreno responded through Twitter confirming the hack. Moreno noted that extension had been compromised. The hackers obtained users data, after being granted permission. The extension would trigger a malware once users logged into already determined websites. Amazon and Google are among the websites that were targeted.
When the code was triggered, the malware then collected personal information like passcodes, private keys and emails. The information was allegedly transferred to a server based in Ukraine. Credit for learning about the attack has been linked to an Italian developer. Moreno’s confirmation came four hours after the attack was highlighted. The concerned applications were auto-updating
In response, Google Chrome dropped the extension from the store while at the same MEGA and on was disabled among users who were already using it. At the moment, users are getting the ‘404 Page Not Found’ error.
Monero Issues an Apology, Blames Google
A representative from MEGA later issued an apology after the hack. He noted that plans are underway to investigate the matter through their Chrome account. The spokesperson further pointed a finger at Google over its store security features. He noted that poor protection features might be responsible for the hack.
The spokesperson said that the MEGAsync and Firefox add-ons were not compromised. The mobile apps are also secure since they are authorized by the firm. Users have been advised to reset their login credentials even if they were not affected by the attack. Additionally, cryptos are supposed to be transferred to other accounts to ensure they are not stolen.