Monero [XMR] wallets compromised as hackers target MEGA Chrome extension

On 4th September, Monero [XMR] announced that the official MEGA Chrome extension had been compromised, with an update stealing passwords and cryptocurrency wallet addresses from its users. The latest version of the MEGA Chrome extension was hacked, allowing cryptojackers to access saved passwords and usernames from Amazon, GitHub, Google, and Microsoft portals.

The Chrome extension claims to provide a secure cloud storage service that can improve browser performance by reducing loading time. The extension is currently unavailable for download at the Chrome Web Store.

Monero is a privacy coin in which the sender's address is hidden along with the transaction amount. Thus every transaction on the Monero network goes through a secret address which cannot be linked to the first sender.

In spite of Monero’s claims of being private and untraceable, the cryptocurrency has witnessed instances where cryptojackers have secretly mined XMR with the computing power of web visitors.

Riccardo Spagni, also known as fluffypony, the Lead Maintainer of Monero, said on Twitter,

“Confirmed that it also extracts private keys if you login to MyMonero and/or MyEtherWallet in a browser with the extension installed.”

MyEtherWallet.com, an open-source cryptocurrency wallet for ERC20 tokens, stated:

SamsungGalaxyPlayer spotted the issue and stated:

“The MEGA Chrome extension source code has not been updated in four months, suggesting that the account responsible for updating the version given to Google was compromised”

Some of the recommendations made in his post on Reddit were to uninstall the MEGA Chrome extension immediately and change important passwords. He also suggested that its users transfer funds from those accounts which could have possibly been compromised.

MEGA Chrome extension version 3.39.4 was mainly affected and all the data collected was being sent to one server. This problem was limited to Google Chrome, as the Mozilla Firefox version had not been compromised.

PWPersian commented on Reddit:

“Wow this is huge, I do not personally use MEGA however I am always afraid of extensions going rogue as I check up on updates the least often for them, sending this to everyone I know to make sure they know to change passwords etc.”

Gattacus, an enthusiastic Redditor, commented:

“There was an update to the extension and Chrome asked for new permission (read data on all websites). That made me suspicious and I checked the extension code locally (which is mostly javascript anyways). MEGA also has the source code of the extension on github https://github.com/meganz/chrome-extension There was no commit recently. To me it looks either their Google Webstore account was hacked or someone inside MEGA did this. pure speculation though”
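
The signal described in the comment above, an update that suddenly requests access to data on all websites, can be checked mechanically by diffing the manifest of the new version against the previous one. The following sketch is an added example, not part of the original article or MEGA's code; both manifests are constructed samples and the function names are hypothetical.

```javascript
// Added example: report broad host access that a newer extension version
// requests for the first time. Manifests below are constructed samples,
// not MEGA's real manifest.json.

// Match patterns that cover every website.
const BROAD_PATTERNS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Manifest keys (MV2 and MV3) that can carry permissions or host patterns.
const PERMISSION_KEYS = [
  "permissions", "optional_permissions",
  "host_permissions", "optional_host_permissions",
];

// Collect every permission and host pattern a manifest declares.
function collectPermissions(manifest) {
  const found = new Set();
  for (const key of PERMISSION_KEYS) {
    for (const p of manifest[key] || []) {
      if (typeof p === "string") found.add(p);
    }
  }
  // Content scripts read page data on every URL their patterns match.
  for (const script of manifest.content_scripts || []) {
    for (const m of script.matches || []) found.add(m);
  }
  return found;
}

// Return what the new version adds and which additions are broad host access.
function diffPermissions(oldManifest, newManifest) {
  const before = collectPermissions(oldManifest);
  const added = [...collectPermissions(newManifest)].filter((p) => !before.has(p)).sort();
  const broad = added.filter((p) => BROAD_PATTERNS.has(p));
  return { added, broad, suspicious: broad.length > 0 };
}

const oldManifest = { // constructed sample
  manifest_version: 2, version: "1.0.0",
  permissions: ["storage", "https://example.com/*"],
};
const newManifest = { // constructed sample
  manifest_version: 2, version: "1.0.1",
  permissions: ["storage", "https://example.com/*", "webRequest", "<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }],
};

const report = diffPermissions(oldManifest, newManifest);
console.log(report);
```

A non-empty `broad` list on an update is a reason to hold the new version back and review its code before allowing it to run.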
