Hackers have replaced the extension of Mega, a popular file sharing service for Chrome browser. They used it to steal users’ data regarding crypto wallets.
The break-in has been reported by the administration of the service. Their blog says that on September 4 at 13:30 (GMT+1), an unknown person uploaded a compromised version of MEGA 3.39.4 to Chrome App Store.
“Upon installation or autoupdate, it would ask for elevated permissions (Read and change all your data on the websites you visit) that MEGA's real extension does not require”, the appeal says.
MEGA team notes that the program steals account data from Amazon, Live, Github, Myetherwallet, Mymonero, index.market and Google sites. POST requests to other sites also fall into the hands of attackers. All data is transferred to a server located in Ukraine.
WHY IS IT IMPORTANT?
- Hackers could get data from users of the IDEX exchange, as well as MyEtherWallet and MyMonero wallets. Four hours after the discovery, the extension has been replaced with a real one. It has now been removed from the Chrome store.
- The threat of spoofing sites or applications is one of the most frequent on the web. For example, in July it became known that intruders from a Russian IP-address compromised the work of VPN-service Hola. MyEtherWallet users were among the victims. Half a month later, the company released a mobile application to secure login to accounts.