MEGA Google Chrome Extension Hijacked to Steal Users' Credentials

 

It was recently reported that the MEGA Google Chrome browser extension has been hacked by unknown parties. The compromised extension can be used to steal users' login details, important passwords and cryptocurrency keys. Version 3.39.4 of the MEGA cloud storage extension was compromised when the hackers replaced the official version with a malicious one. The compromise was noticed by a security researcher, who immediately shared it on a micro-blogging platform. MEGA soon released an official statement as a blog post, giving details of how the attack was carried out. The company has also asked its users to uninstall the extension immediately as a precautionary measure until further updates to the program.

Only the Google Chrome version of the extension has been tampered with; users who use MEGA on Mozilla Firefox need not be concerned about the attack. The company stated that on 4 September 2018 at 14:30 UTC its Google Chrome webstore account was hacked. The account was used to upload a modified version of the extension, which was then used to carry out the attack. Immediately after installation, the extension asks users for permission to read and change all the data on the websites that they visit. If granted that permission, it could access credentials for popular sites such as amazon.com, live.com, github.com and the Google webstore, digital wallet sites such as myetherwallet.com and mymonero.com, and the cryptocurrency trading platform idex.market. It could then send this information to remote servers located in Ukraine at ‘megaopac.host’. After apologizing, MEGA pointed out that such an attack could be carried out because Google no longer allows publisher signatures. Instead, uploads are signed automatically, which makes such attacks easier to carry out. The company pointed out that its Firefox version and mobile applications are still robust.

Immediately after news of the hack broke on social media platforms, several security researchers published their own take on the exploit and the ways in which it could be thwarted. Although the MEGA Chrome extension has been presented as a secure cloud-based service, this attack has once again raised concerns about the safety of cloud-based services and the ways in which they can be exploited. The extension has been popular because it offers free storage, improves the performance of the browser and aids users in browsing the Internet securely.

MEGA took down the compromised version of the extension immediately. The compromised version remained uploaded for around 5 hours. Users who had the auto-update feature enabled or who downloaded the corrupted version need to check for it and immediately uninstall the extension from their Chrome web browser. Interested users can install a clean version, 3.39.5, which MEGA soon released on its official site mega.nz. Google immediately removed the extension from its webstore after being notified of the incident. The company has asked affected users to check the active version of the extension on their system and, if it is compromised, to change their credentials for the sites they visited while using the Chrome extension.
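
One way to perform the version check described above, as an added example that is not from MEGA or the original article: it reads each installed extension's manifest.json and flags version 3.39.4 along with any all-sites host permission. It assumes Chrome's `Extensions/<extension id>/<version dir>/manifest.json` layout and that the manifest name contains "MEGA"; the extension IDs and manifests in the sample are constructed.

```python
import json
import tempfile
from pathlib import Path

COMPROMISED_VERSION = "3.39.4"  # version named in the article
# Match patterns that grant access to data on every website visited
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def scan_extensions(ext_root, name_hint="mega"):
    """Inspect <ext_root>/<extension id>/<version dir>/manifest.json for each install."""
    findings = []
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        # Assumption: the extension is identified by its manifest name
        if name_hint not in str(manifest.get("name", "")).lower():
            continue
        version = str(manifest.get("version", ""))
        perms = list(manifest.get("permissions") or [])
        perms += list(manifest.get("host_permissions") or [])
        findings.append({
            "id": path.parts[-3],
            "version": version,
            "compromised": version == COMPROMISED_VERSION,
            "broad_hosts": sorted(p for p in perms
                                  if isinstance(p, str) and p in BROAD_HOSTS),
        })
    return findings


def build_sample_root():
    """Constructed Extensions directory; IDs, names and permissions are made up."""
    root = Path(tempfile.mkdtemp())
    samples = [
        ("a" * 32, "3.39.4_0", {"name": "MEGA", "version": "3.39.4",
                                "permissions": ["<all_urls>", "storage"]}),
        ("b" * 32, "3.39.5_0", {"name": "MEGA", "version": "3.39.5",
                                "permissions": ["storage"]}),
        ("c" * 32, "1.0_0", {"name": "Other tool", "version": "1.0",
                             "permissions": ["*://*/*"]}),
    ]
    for ext_id, version_dir, manifest in samples:
        target = root / ext_id / version_dir
        target.mkdir(parents=True)
        (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root
```

Point `scan_extensions` at the `Extensions` directory of each Chrome profile on the machine. If an extension's manifest name is a localized `__MSG_…__` placeholder, the name match will miss it and the extension has to be identified by its ID instead.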
