2018-9-7 08:19 |
As cryptocurrencies are becoming mainstream, hackers are finding new ways to hack into user’s accounts and steal their digital coin holdings. From ransomware attacks to attacks on cryptocurrency exchanges, hackers have done it all. Now they are targeting extensions on a user’s browser to hack into their crypto holdings. The same happened with file-share service provider MEGA, which was hacked to steal users’ private keys and passwords.
How Did It Happen?MEGA explained that the hackers uploaded a malicious program on its Chrome browser extension to Google Web Store. Within five hours of uploading, people who installed became victims of the attack. The services affected by the hack include crypto wallets, most notably decentralized crypto exchange IDEX, MyMonero wallet and MyEtherWallet (MEW).
The hackers also targeted tech giants Google, Microsoft and Amazon. No information about the number of accounts compromised during the hack is available. The MEGA extension (version 3.39.4) is currently unavailable from the Chrome Web Store. The company suggests that the users who installed their browser extension during the breach period were the only ones affected by the hack.
Did a Compromised Google Account Do the Damage?MEGA suggests that the hack is a result of a hacked Google account. The attacker used an official login to update the malware into the extension. It also suggests that the stolen data seemed to be going to a server in Ukraine.
MEGA highlighted the problem in a statement posted on its blog. It said:
“On 4 September 2018 at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA’s Chrome extension, version 3.39.4, to the Google Chrome webstore. Upon installation or auto update, it would ask for elevated permissions (read and change all your data on the websites you visit) that MEGA’s real extension does not require.”
The company further commented:
“Please note that if you visited any site or made use of another extension that sends plain-text credentials […] while the trojaned extension was active, consider that your credentials were compromised on these sites and/or applications.”
Monero sent a warning to its users on Twitter, suggesting that the hack could have resulted in stolen XMR coins.
PSA: The official MEGA extension has been compromised and now includes functionality to steal your Monero: https://t.co/vzWwcM9E5k
— Monero || #xmr (@monero) September 4, 2018
MyEtherWallet is particularly in highlight because aside from this, it has also suffered several such hacks in the past seven months.
Hola’s Chrome extension was compromised in a similar way. During the event, users who accessed MyEtherWallet within a five-hour window of the hack while the Hola extension was working had their private keys stolen.
Mega’s Chrome Extension Hit by Hackers With Cryptocurrency-Stealing Malware was originally found on [blokt] - Blockchain, Bitcoin & Cryptocurrency News.
Similar to Notcoin - TapSwap on Solana Airdrops In 2024
Global Cryptocurrency (GCC) на Currencies.ru
|
