Breaking on twitter and forums around the Internet right now, the Google Chrome extension for the popular file storage site MEGA has been compromised and can steal Monero (XMR) held by the users, among other private data. Only the 3.39.4 version for Google Chrome has been compromised. Earlier versions and the Firefox version of the extension appear to be safe.
User Passwords Compromised
The downside to the freedom that comes with crypto is rearing its ugly head again today. Hours ago news broke on the Monero (XMR) subreddit that the 3.39.4 version of the MEGA extension for Google Chrome has been compromised.
The hack was discovered when some users became suspicious about the app requesting additional permissions – specifically, asking for access to read data on all websites.
When users began to dig into the code update, they discovered that in addition to allowing users easier access to their file storage accounts on MEGA, it is also set to scrape username and passwords for many common sites, including Google, Facebook and Windows Live. But most alarmingly, it steals your information for MyEtherWallet and MyMonero, among other crypto sites.
Following is the tweet posted by official Monero (XMR) twitter account:
PSA: The official MEGA extension has been compromised and now includes functionality to steal your Monero: https://t.co/vzWwcM9E5k
— Monero (XMR) (@monero) September 4, 2018
Scraped information is then transmitted to the hackers. As the source code for the extension has not been updated in four months on github, the most likely explanation is that hackers somehow compromised the account responsible for releasing updates of the extension to Google.
If you are using the 3.39.4 version of the extension for Google Chrome, please immediately uninstall the extension. Then update the password to every site you have used Google Chrome to access, and replace every wallet you have used Chrome to access and move your funds to those.
This may be tedious if Chrome is your main browser, but the situation is still developing, and we are not sure just how much of your data has been stolen if you are using the infected version. Earlier versions of the Chrome extensions, as well as all Firefox versions appear to be safe.
Digital security 101
This is probably as good an opportunity as we are going to get to remind users not to just unthinkingly install extensions for your browser and give them every permission they want. Although incidents like this one are not common and there do not appear to be many victims, they do happen every now and then, and maybe next time it costs you dearly.
Protect your passwords and your seeds. Do not store them in plaintext (ideally, don’t store them on your computer at all), and do not remain logged in to websites you are not using if it would hurt you to have your account on them compromised.
It’s a rough world out there, and the downside to being ‘your own bank’ as you are with crypto is that you are also the only person standing between criminals and your money. Be careful. Go the extra mile when it comes to protecting your money.