Malicious MEGA.Nz Targets Ethereum and Monero Wallets
MEGA.nz, the popular file sharing, and cloud storage platform, was breached by a Google Chrome extension that stole private keys from Ethereum and Monero wallets. The malicious extension has since been removed by the Google engineers.
The extension was part of the trojaned version 3.94.4 which was released on September 4th and had embedded in it, a code that had the power to hack into the user’s account information, thereby stealing data related to passwords, usernames and even private keys for cryptocurrencies like Ethereum and Monero.
Just hours after the update, the extension showed concerning behavior. The effect of the hack was not limited to cryptocurrency credentials only, usernames, passwords and other pertinent information from popular websites like GitHub, Google, Microsoft, and Amazon were also targets.
Web-based wallets, affiliated with the aforementioned cryptocurrencies were also subject to the data attack, with MyEtherWallet and MyMonero also losing their users’ private key information. Trading platforms and cryptocurrency exchanges were also part of the hack with IDEX losing critical data.
MEGA.nz released an apologetic statement to the users, informing them that investigations were underway to figure how their security was penetrated and the data was breached, saying “We are currently investigating the exact nature of the compromise of our Chrome Webstore account.”
In a blog post released on September 4th, MEGA.nz said that Google is partly to blame for the extension hack as the latter removed the requirement for publisher signatures on its Chrome extensions.
“[Disallowing publisher signature] removes an important barrier to external compromise. MEGAsync and our Firefox extension are signed and hosted by us and could therefore not fallen victim to this attack vector” concluded the blog post.
The affected users on sites like Microsoft and Amazon are recommended to reset their passwords. MyEtherWaller and MyMonero users have been told to open new accounts and should migrate their digital assets protected by new private keys.
A clean version (3.39.5) was updated by MEGA four hours after the breach took place, five hours after the breach Google removed the extension from the Chrome Webstore.
Image via Shutterstock
Join our Telegram group