Monero recently announced that the official MEGA Chrome extension had been compromised and it’s stealing passwords and crypto wallet addresses from users.
It seems that the latest version of MEGA Chrome extension has been hacked and it’s now allowing cryptojackers to access saved passwords and usernames from Amazon, Google, GitHub, and Microsoft portals as well.
PSA: The official MEGA extension has been compromised and now includes functionality to steal your Monero: https://t.co/vzWwcM9E5k
MEGA Chrome extension, unavailable for download at the moment
The Chrome extension was supposed to provide a secure cloud storage service that can improve browser performance by reducing the loading times.
The extension is currently not available to be downloaded at the ChromeWeb Store.
While using Monero, the addresses of the sender are hidden and also the amount of transaction.
Every transaction that’s made on the Monero network goes through a secret address which cannot be linked to the first sender.
Even if Monero claims that it’s a private and untraceable token, more times the cryptojackers have secretly been able to mine XMR with the computer power of web visitors.
Riccardo Andsaskiaspagni, aka fluffypony, the Lead Maintainer of Monero said on Twitter, “Confirmed that it also extracts private keys if you log in to MyMonero and/or MyEtherWallet in a browser with the extension installed.”
MyEtherWallet.com which is an open-source cryptocurrency wallet for ERC20 tokens also had something to say:
** MEWS ALERT **
We're getting reports that the latest version of the MEGA Chrome Extension was hacked.