ETHERLive
ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.

---

24hr ---
--%
Wednesday Nov 21st 2018
RESOURCES

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More
SUBMIT

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story

Explanation

Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
---
--%
Home
News
Etherlive
Ether Price Analysis
Resources
Contact Us

MEGA File-Sharing Service's Chrome Extension Hacked, Cryptocurrency Accounts Compromised

By

Daniel

Putney

WriterETHNews.com

A hacker uploaded a malicious version of the extension onto the Chrome Web Store.

MEGA, a New Zealand-based cloud storage and file hosting service, recently issued a security warning regarding a "trojaned" version of its extension that an unknown attacker uploaded to the Chrome Web Store. The malicious update, version 3.39.4, asked for permission to read and change data on websites that users visited. The MEGA team noted that affected sites included amazon.com, github.com, google.com, myetherwallet.com, and mymonero.com, among others.

Four hours after the security breach, MEGA updated the malicious version with a "clean" one (3.39.5). An hour after that, Google removed the extension from the Chrome Web Store. As of press, 3.40.2 is available for download.

Individuals were only affected by the hack if they had the MEGA Chrome extension installed when the attack occurred and had the auto-update feature enabled and accepted the additional permission request (or if they downloaded 3.39.4 directly from the web store). The MEGA crew further told users that if they visited any site during the attack, then they should "consider that [their] credentials were compromised on these sites and/or applications."

Although the hack affected various data and information across multiple websites, the attack specifically exposed users' cryptocurrency accounts associated with the extension. Both MyEtherWallet and Monero, for instance, warned their users about the compromise over Twitter:


Some MyEtherWallet users were also affected in July when the Hola Chrome extension was hacked.

The MEGA crew believes the recent incident is related to a change on Google's end that disallows publisher signatures on Chrome extensions. Apparently, Google "is now relying solely on signing [extensions] automatically after upload to the Chrome webstore, which removes an important barrier to external compromise." The team indicated that its Firefox extension would not have been able to experience this type of attack.

MEGA is looking into the nature of the hack.

Daniel Putney

Daniel Putney is a full-time writer for ETHNews. He received his bachelor's degree in English writing from the University of Nevada, Reno, where he also studied journalism and queer theory. In his free time, he writes poetry, plays the piano, and fangirls over fictional characters. He lives with his partner, three dogs, and two cats in the middle of nowhere, Nevada.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest hack, MEGA or other Ethereum technology news.