RATE Group | MEGA.nz Chrome extension caught stealing passwords, cryptocurrency private keys
41208
post-template-default,single,single-post,postid-41208,single-format-standard,ajax_fade,page_not_loaded,,qode_grid_1300,side_area_uncovered_from_content,footer_responsive_adv,qode-content-sidebar-responsive,qode-child-theme-ver-1.0.0,qode-theme-ver-13.3,qode-theme-bridge,wpb-js-composer js-comp-ver-7.9,vc_responsive
 

MEGA.nz Chrome extension caught stealing passwords, cryptocurrency private keys

05 Sep MEGA.nz Chrome extension caught stealing passwords, cryptocurrency private keys

Posted at 02:37h in Cryptocurrency News by

[ad_1]

meganzchromeextensionmaliciouscode.png

The official Chrome extension for the MEGA.nz file sharing service has been compromised with malicious code that steals usernames and passwords, but also private keys for cryptocurrency accounts, ZDNet has learned.

The malicious behavior was found in the source code of the MEGA.nz Chrome extension version 3.39.4, released as an update earlier today.

Google engineers have already intervened and removed the extension from the official Chrome Web Store, and also disabled the extension for existing users.

According to an analysis of the extension’s source, the malicious code triggered on sites such as Amazon, Google, Microsoft, GitHub, the MyEtherWallet and MyMonero web wallet services, and the IDEX cryptocurrency trading platform.

The malicious code would record usernames, passwords, and other session data that attackers would need to log in and impersonate users. If the website managed cryptocurrency, the attacker would also…

[ad_2]

Source link

Tags:
, , , , , , , ,