Unfortunately, I did not any research about this. Megaopachost domain seems to have a login panel. "That infrastructure has heavily targeted $xmr, $eth, and more in the past via and related to AWS/MEW BGP hack"– Jeremiah O'Connor 18:09 UTC on 4th September 2018
#Megasync google chrome password
It catches your username and password from Amazon, GitHub, Google, Microsoft portals!! It could catch #mega #extension #hacked /TnPalqj1cz- SerHack Septem17:45 UTC on 4th September 2018Ī security engineer, Jeremiah O’Connor, confirmed that infrastructure was related to AWS/MEW BGP attack. LATEST VERSION OF MEGA CHROME EXTENSION WAS HACKED. !!! WARNING !!!!!!! PLEASE PAY ATTENTION!! The InfoSec Community and some security researches confirmed this issue.
Then it happens! I discovered a keylogger which could log password, username and even sessions! 17:16 UTC on 4th September 2018Īfter the discovering of keylogging, I posted a warning on Twitter.
#Megasync google chrome code
I supposed “Whoa, another security issue” but I was looking for the source code too. Then he posted this thread for having some confirmations from the community.Īnd I’ll read it. He was looking for its source code and he discovered a probably cryptocurrency-keys logging. The Chrome browser originally asked for new permissions about reading all the content from a web page. 16:00 UTC on 4th September 2018Ī reddit user (/u/gattacus) noticed some unwanted changes to the latest version of Mega Chrome Extension. A new MEGA Chrome extension version (3.39.4) has been uploaded.
Detailed timeline 14:30 UTC on 4th September 2018Īn unknown attacked managed to log into the Chrome Extension Store profile, used by MEGA Team. The trojanized Mega extension then sent all the stolen information back to an attacker’s server located at megaopachost in Ukraine, which is then used by the attackers to log in to the victims’ accounts, and also extract the cryptocurrency private keys to steal users’ digital currencies. Upon installation or auto-update, the malicious extension asked for elevated permissions to access personal information, allowing it to steal login/register credentials from ANY websites like Amazon, Github, and Google, along with online wallets such as MyEtherWallet and MyMonero, and Idex.market cryptocurrency trading platform. On 4 September at 14:30 UTC, an unknown attacker managed to hack into MEGA’s Google Chrome web store account and upload a malicious version 3.39.4 of an extension to the web store, according to a blog post published by the company.
0 kommentar(er)
