Security News Mega's Chrome extension suffers breach

[BoraMurdar]

Content source

https://mega.nz/blog_47

On 4 September 2018 at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA's Chrome extension, version 3.39.4, to the Google Chrome webstore. Upon installation or autoupdate, it would ask for elevated permissions (Read and change all your data on the websites you visit) that MEGA's real extension does not require and would (if permissions were granted) exfiltrate credentials for sites including amazon.com, live.com, github.com, google.com (for webstore login), myetherwallet.com, mymonero.com, idex.market and HTTP POST requests to other sites, to a server located in Ukraine. Note that mega.nz credentials were not being exfiltrated.

Four hours after the breach occurred, the trojaned extension was updated by MEGA with a clean version (3.39.5), autoupdating affected installations. Google removed the extension from the Chrome webstore five hours after the breach.

 

[Black Wings]

Ops! It's hard not to be paranoid today.

 

[Local Host]

Another reason to not fill your browser with unneeded extensions.

 

[BoraMurdar]

As I read now, it's actually a Google's fault

 

[Local Host]

As I read now, it's actually a Google's fault

Google Store is far from secure, even their Play Protect is useless.

 

[Ink]

Ironic. Awaiting to hear how MEGA's Google account was compromised.

You can inspect the affected v3.39.4 extension on Dropbox, via reddit (below).

https://np.reddit.com/r/Monero/comments/9cx7cc/dont_use_mega_chrome_extension_version_3394/

Another reason to not fill your browser with unneeded extensions.

The MEGA extension claims to "reduce loading times, improve download performance and strengthen security", so of course MEGA customers are bound to install it. (Browser Extensions)

FP - Flagged by WD SmartScreen.

Google Store is far from secure, even their Play Protect is useless.

*can be improved.

 

[Venustus]

Beware of ANY extension that you install!!Many can be compromised quite easily!

 

[Deleted member 178]

The original extension was useless, it was just a bookmark. I wonder why people would use an extension when you have the sync client.

 

[Gandalf_The_Grey]

Beware of ANY extension that you install!!Many can be compromised quite easily!

Great advice When visiting forums like this one you see new extensions and/or new security software almost everyday.
The real challenge of a good security configuration is to get the most protection while using only a few well chosen extensions and software.
The Malware Hub, @Evjl's Rain extension testing and video reviews like the ones performed by @cruelsister are great to see what working or not.
Maybe we can focus on reducing the amount of software used in PC Security Configuration instead of recommending to add more?

 

[Deleted member 178]

Maybe we can focus on reducing the amount of software used in PC Security Configuration instead of recommending to add more?

it is what some of us try to do, but we are a minority

 

[cruelsister]

this is an EXCELLENT thread!. Thank you, BoraMurdar!

It really is time that folks understand that the cutsey little extension they just installed may pose a greater threat than any malware that they may never see.

Extensions- JUST SAY NO

 

[upnorth]

If it wasn't for something called WebRTC I would agree 100%.