Skip to main content

Hacked Chrome extension disguised as legitimate version steals logins

Chrome OS
Image used with permission by copyright holder

Cloud storage service Mega.nz revealed that it was hacked on Tuesday, September 4, and users who had installed the service’s Chrome browser extension may have had their passwords to other internet services compromised. The malicious version of the browser extension was uploaded to the Chrome web store by hackers in an effort to gain access to user’s logins for sites such as Amazon, Google, GitHub, and Microsoft. The passwords were sent to a Ukraine-based server.

“On 4 September 2018 at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA’s Chrome extension, version 3.39.4, to the Google Chrome webstore,” Mega.nz said in a blog post. “You are only affected if you had the MEGA Chrome extension installed at the time of the incident, auto update enabled and you accepted the additional permission, or if you freshly installed version 3.39.4.” Users accessing the service by typing in the URL into the browser are not affected.

In order to gain access to your passwords, Mega.nz explained that the malicious extension asks for elevated permissions, such as the ability to read and change data on all websites you visited, something that the legitimate version of the extension does not require or ask for. If you’re downloading a browser extension, computer program, or app from the internet — even from what is believed to be a trusted source, as this case proves — you should always review what permissions you’re granting. Additionally, users should also try to limit what they install to stay safe.

Users who downloaded the hacked version of the Chrome extension are advised to change their passwords for any affected sites that they use, including amazon.com, live.com, github.com, google.com (for web store login), myetherwallet.com, mymonero.com, and idex.market. Additionally, if you had submitted any information through web forms as plain text, hackers may have been able to capture that information as well.

It’s not immediately clear how hackers were able to hijack Mega.nz’s account to upload the malicious version of the browser extension to the Chrome web store or how many users were affected, though Mega.nz boasts having 100 million registered users. After the breach was discovered, Mega.nz uploaded a clean version of the extension, version 3.39.5, to the Chrome web store. If you had downloaded the trojanized version of the extension, the browser extension should auto-update to the clean version. Google has also removed the malicious version of the extension.

The best bet to stay safe when it comes to browser extension is to not download any extension you won’t need. Like malicious apps, there have been reports in the past of malicious extensions. However, as the incident with Mega.nz demonstrates, even legitimate extension can be hacked, leaving your passwords exposed.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Chrome is making a key change to protect you from phishing
Google Chrome with pinned tabs on a MacBook on a table.

Phishing campaigns -- where a fraudulent website or email is made to look like it comes from a legitimate source -- have caused a huge amount of destruction, leading to untold numbers of virus infections and money lost through scams. Google has just rolled out a powerful way to fight phishing in its Chrome browser, however, and it could help you avoid falling victim.

As part of Chrome’s 15th-anniversary update, Google will be pushing its Enhanced Safe Browsing feature to all users in the coming weeks. This checks website URLs against a list of malicious sites stored on Google’s cloud servers, all in real time. If a match is found, the website is blocked and a warning is displayed to users.

Read more
This Google Chrome feature may save you from malware
Google Chrome app on s8 screen.

There are probably hundreds of thousands of Google Chrome extensions out there, and with so many options to choose from, it can be hard to know whether the plugin you want to install is hiding malware nasties.

That could become a thing of the past, though, as Google is testing a feature that will warn you if an extension you installed has been removed from its Chrome Web Store.

Read more
These 2 new Edge features are making Chrome look outdated
Copilot in Windows being used in the side panel.

Microsoft has announced a host of updates that will soon be available for its Edge browser, including the Microsoft 365 Copilot feature and Sidebar app support for developers.

The company is showcasing the new features during its annual Build developer conference, which is currently taking place from May 23 through May 25.

Read more