Thursday, September 24, 2020
  • Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack
  • [Analyst Report] 2021 Tag Cyber Security Annual
  • IoT Security Fundamentals: Hardware, Software and Radio Security
  • ON-DEMAND Webinar: Election Security: Defending our Democracy against Well-Resourced Adversaries [Video]
  • Using Base64 for Malware Obfuscation

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Digital Currency Identity & Access SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » Compromised Chrome Extension Snooped on Users’ Credentials, Cryptocurrency Private Keys

Compromised Chrome Extension Snooped on Users’ Credentials, Cryptocurrency Private Keys

by David Bisson on September 5, 2018

Someone compromised a Google Chrome extension with malicious code designed to snoop on users’ account credentials and cryptocurrency private keys.

On 4 September, a security researcher who goes by the name “SerHack” tweeted out a warning about version 3.39.4 of the Chrome extension for MEGA.nz, a cloud storage and file sharing service.

!!! WARNING !!!!!!! PLEASE PAY ATTENTION!!

LATEST VERSION OF MEGA CHROME EXTENSION WAS HACKED.

Version: 3.39.4

It catches your username and password from Amazon, GitHub, Google, Microsoft portals!! It could catch #mega #extension #hacked@x0rz pic.twitter.com/TnPalqj1cz

— SerHack (@serhack_) September 4, 2018

The compromised Chrome extension was capable of monitoring for login form submissions to Amazon, GitHub, Google and Microsoft. As analyzed by Bleeping Computer, it also had the ability to inspect a form submission URL for variables like “username” and “password.” Additionally, the extension monitored for three URL patterns–“https://www.myetherwallet.com/*,” “https://mymonero.com/*,” and “https://idex.market/*”–for the purpose of stealing a user’s cryptocurrency private keys.

This data tracking culminated in the extension sending out any variables and credentials it found to a host based in Ukraine.

Security researchers examined the Firefox version of MEGA.nz and determined that it was clean of malicious behavior.

According to a MEGA.nz blog post, the company’s admins uploaded a clean version of the Chrome extension (3.39.5) four hours after a bad actor uploaded the compromised version. Just an hour after that fix, Google removed the updated extension from its Chrome store.

The MEGA.nz team went on to express regret for the event but not without placing some of the blame on Google for its Chrome extension signing policies:

We would like to apologise for this significant incident. MEGA uses strict release procedures with multi-party code review, robust build workflow (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/compromised-chrome-extension-snooped-on-users-credentials-cryptocurrency-private-keys/

September 5, 2018September 5, 2018 David Bisson Chrome, cryptocurrency, IT Security and Data Protection, Latest Security News, Password
  • ← Semafone Adds Avtex to Channel Partner Portfolio
  • The (ISC)² CAP Exam Updates – October 2018 →

TechStrong TV – Live Streaming

TechStrong TV - All Episodes
Featured Blog

blubracket

Git it right—How hackers exploit Git misconfigurations & what to do about it

blubracket

Uncovering Secrets in Code—A Case Study

blubracket

BluBracket Adds Stolen and Leaked Code Detection, Remediation to its CodeSecurity Suite

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

COVID-19 Leads to Greater Consumer Awareness of Data Security
Combating U.S. Election Cyberthreats
WeChat Banned, TikTok Saved
Feds Yell PATCH NOW over Windows AD ‘Zerologon’ Vuln
Encryption Requirements Driven by Data State
DEF CON 28 Safe Mode Red Team Village – Mazin Ahmed’s ‘Hacking Zoom: A Hackers Journey Into Zoom Security’
NIST SP 800-53 Gets One Step Closer to Becoming a Standard
Automate Reporting Across LDAP Apps, Networks, & Servers
DEF CON 28 Safe Mode Red Team Village – Ray Doyle’s ‘Weaponized XSS Moving Beyond Alert’
Online Learning Still Struggles – Especially With Security

Upcoming Webinars

Thu 24

Automating App Security with AI: How to Secure a Million Lines of Code in Five Minutes

September 24 @ 3:00 pm - 4:00 pm
Tue 29

Step-by-Step Guide to Protecting Web Apps with Google reCAPTCHA

September 29 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

Identifying Web Attack Indicators

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

APIs: Securing the Stitching Connecting Applications
Application Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

APIs: Securing the Stitching Connecting Applications

September 23, 2020 Stan Wisseman | Yesterday 0
Applying Enterprise Access Lessons From COVID-19
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

Applying Enterprise Access Lessons From COVID-19

September 22, 2020 Tamir Hardof | 1 day ago 0
Combating U.S. Election Cyberthreats
Cybersecurity Data Security Industry Spotlight Security Boulevard (Original) 

Combating U.S. Election Cyberthreats

September 21, 2020 Simon Hill | 2 days ago 0

Top Stories

Feds Yell PATCH NOW over Windows AD ‘Zerologon’ Vuln
Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response News Security Awareness Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

Feds Yell PATCH NOW over Windows AD ‘Zerologon’ Vuln

September 22, 2020 Richi Jennings | 1 day ago 0
Barracuda Networks Centralizes Security Across Azure SD-WAN
Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight 

Barracuda Networks Centralizes Security Across Azure SD-WAN

September 22, 2020 Michael Vizard | 1 day ago 0
U.S. Requires Servers to Ban TikTok, WeChat Traffic
Application Security Cybersecurity Featured News Security Boulevard (Original) Spotlight 

U.S. Requires Servers to Ban TikTok, WeChat Traffic

September 18, 2020 Mark Rasch | Sep 18 0

Security Humor

via the the webcomic talent of the inimitable Daniel Stori at turnoff.us

Daniel Stori’s ‘TCP Buddies’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2020 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.