Popular cloud storage service MEGA was hacked recently. The hackers attempted to steal digital assets from MEGA users.
According to reports, the hack was carried out on September 4, 2018. The hackers gained access to MEGA's Chrome Store profile and uploaded a malicious version of the tool. This allowed the hackers to access sensitive data on users' laptops, since users granted all the requested permissions while installing the Google Chrome extension.
!!! WARNING !!!!!!! PLEASE PAY ATTENTION!!
LATEST VERSION OF MEGA CHROME EXTENSION WAS HACKED.
— SerHack (@serhack_) September 4, 2018
The hack was first reported by SerHack, who alerted users via a tweet mentioning the hacked extension. He also noted that the tool potentially acquired user credentials from various platforms, including Microsoft, GitHub, Google, and Amazon.
He also went on to share more details about the hack and quoted several researchers who were working on the attack. The hack was first discovered when the extension asked for elevated permissions, unlike the genuine extension. The data was being sent to a host in Ukraine and was hosted on Namecheap. After the hack came to light, Namecheap blocked the host and the domain. MEGA noted that the tool used elevated permissions to access various crypto wallets, such as MyEtherWallet and My Monero, as well as the decentralized exchange IDEX. The tool then acquired the credentials and used them to gain access to private RSA keys to steal crypto assets. MEGA confirmed the hack in their official blog post.
You are only affected if you had the MEGA Chrome extension installed at the time of the incident, autoupdate enabled and you accepted the additional permission, or if you freshly installed version 3.39.4. Please note that if you visited any site or made use of another extension that sends plain-text credentials through POST requests, either by direct form submission or through a background XMLHttpRequest process (MEGA is not one of them) while the trojaned extension was active, consider that your credentials were compromised on these sites and/or applications.
MEGA also confirmed that the hack only affected Google Chrome and that Mozilla Firefox users are safe. That said, it might be a good idea to change passwords regardless of which browser you are using.
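To check a machine against the affected version named in MEGA's statement, the following added example (not code from MEGA or from the original article) walks a Chrome profile's Extensions directory, where each installed version has its own manifest.json under the extension's ID, and reports every extension whose display name contains "mega", whether it is version 3.39.4, and whether it holds broad host permissions. The name match, the list of broad host patterns and the sample tree with its placeholder ID are assumptions made for illustration.

```python
import json, tempfile
from pathlib import Path

AFFECTED_VERSION = "3.39.4"  # version named in MEGA's statement
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # assumed "elevated" set

def _load(path):
    try:
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None  # unreadable or malformed JSON: caller skips it

def display_name(manifest_path, data):
    """Resolve a localized "__MSG_key__" name via _locales/<default_locale>/messages.json."""
    name = str(data.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = str(data.get("default_locale", "en"))
        table = _load(manifest_path.parent / "_locales" / locale / "messages.json")
        for key, entry in (table if isinstance(table, dict) else {}).items():
            if key.lower() == name[6:-2].lower() and isinstance(entry, dict):
                return str(entry.get("message", name))
    return name

def audit(extensions_dir, name_hint="mega"):
    """One record per installed extension version whose display name matches name_hint."""
    findings = []
    for manifest in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        data = _load(manifest)
        if not isinstance(data, dict):
            continue
        name = display_name(manifest, data)
        if name_hint not in name.lower():
            continue
        perms = {p for p in (data.get("permissions") or []) if isinstance(p, str)}
        findings.append({"id": manifest.parent.parent.name, "name": name,
                         "version": data.get("version"), "affected": data.get("version") == AFFECTED_VERSION,
                         "broad_host_access": sorted(BROAD_HOSTS & perms)})
    return findings

def build_sample(root):
    """Constructed sample tree: placeholder ID, made-up permission lists."""
    for ver, perms in {"3.39.3": ["storage"], "3.39.4": ["storage", "<all_urls>"]}.items():
        d = Path(root) / "placeholder-extension-id" / f"{ver}_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps({"name": "MEGA", "version": ver, "permissions": perms}))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*audit(build_sample(tmp)), sep="\n")
```

Point `audit()` at the Extensions folder of each Chrome profile on the machine; a record with `affected` set to true matches the freshly installed or auto-updated case described in MEGA's statement.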
We would like to apologise for this significant incident. MEGA uses strict release procedures with multi-party code review, robust build workflow and cryptographic signatures where possible. Unfortunately, Google decided to disallow publisher signatures on Chrome extensions and is now relying solely on signing them automatically after upload to the Chrome webstore, which removes an important barrier to external compromise. MEGAsync and our Firefox extension are signed and hosted by us and could therefore not have fallen victim to this attack vector. While our mobile apps are hosted by Apple/Google/Microsoft, they are cryptographically signed by us and therefore immune as well.
Also, if you trade in cryptocurrencies or have crypto wallets, make sure you keep a close eye on your assets and change your passwords as well as your private RSA keys.
Via: Latest Hacking News