Mega bad day.

Chrome extension hack leads to cryptocurrency heist πŸ˜±πŸ’»πŸ’ΈπŸ’Έ1 min

Extensions for your browser are cool.
Such cool gadgets are in reality programs that run autonomously.
So if you have tons of not updated extensions, you risk getting hacked.

MEGA is a cloud storage service with a focus on Privacy. They have all sort of apps, and of course, handy Chrome extensions.

A Hacker managed to hack into MEGA's Google Chrome web store account and upload a malicious version. Upon installation or auto-update, the malicious extension asked for elevated permissions to access personal information, allowing it to steal login/register credentials from ANY websites like Amazon, Github, and Google, along with online wallets such as MyEtherWallet and MyMonero, and cryptocurrency trading platform.

The Hacker received all this info on his website megaopac[.]host and cashed in all stolen cryptocurrencies.

Remember always make sure that you need an extension, and if it is asking for more information than usual, be suspicious!

You can read the details of how this was discovered here.
great cath /u/gattacus and  @serhack_ 

Photo by Kari Shea on Unsplash.
The rest we beautified βš‘οΈβ€οΈπŸŒˆπŸ’©.



Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Send this to a friend