The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users’ credentials for popular websites like Amazon, Microsoft, Github, and Google, as well as private keys for users’ cryptocurrency wallets.
On 4 September at 14:30 UTC, an unknown attacker managed to hack into MEGA’s Google Chrome web store account and upload a malicious version 3.39.4 of an extension to the web store, according to a blog post published by the company.
Four hours after the security breach, the company learned of the incident and updated the extension with a clean MEGA version (3.39.5), auto-updating all the affected installations. Google also removed the MEGA extension from its Chrome Web Store five hours after the breach.
https://thehackernews.com/2018/09/mac-adware-removal-tool.html
Leave a Reply
You must be logged in to post a comment.