Security Boulevard

Compromised Chrome Extension Snooped on Users’ Credentials, Cryptocurrency Private Keys

by David Bisson on September 5, 2018

Someone compromised a Google Chrome extension with malicious code designed to snoop on users’ account credentials and cryptocurrency private keys.

On 4 September, a security researcher who goes by the name “SerHack” tweeted out a warning about version 3.39.4 of the Chrome extension for MEGA.nz, a cloud storage and file sharing service.

!!! WARNING !!!!!!! PLEASE PAY ATTENTION!!

LATEST VERSION OF MEGA CHROME EXTENSION WAS HACKED.

Version: 3.39.4

It catches your username and password from Amazon, GitHub, Google, Microsoft portals!! It could catch #mega #extension #hacked @x0rz pic.twitter.com/TnPalqj1cz

— SerHack (@serhack_) September 4, 2018

The compromised Chrome extension was capable of monitoring for login form submissions to Amazon, GitHub, Google and Microsoft. As analyzed by Bleeping Computer, it also had the ability to inspect a form submission URL for variables like “username” and “password.” Additionally, the extension monitored for three URL patterns–“https://www.myetherwallet.com/*,” “https://mymonero.com/*,” and “https://idex.market/*”–for the purpose of stealing a user’s cryptocurrency private keys.

This data tracking culminated in the extension sending out any variables and credentials it found to a host based in Ukraine.
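
For defenders checking installed extensions, the following sketch (an added example, not code from MEGA, Bleeping Computer or the original post) flags a parsed manifest whose name and version match the compromised release and whose host patterns cover the three cryptocurrency sites named above. It relies on Chrome's documented `manifest.json` keys; the match-pattern test is simplified (no ports or query strings), matching on the extension name is an assumption, and the sample manifest is constructed.

```python
import re

# Version and sites come from the article; matching on the name is an assumption.
BAD_NAME, BAD_VERSION = "mega", "3.39.4"
WATCHED_URLS = ["https://www.myetherwallet.com/", "https://mymonero.com/",
                "https://idex.market/"]
HOST_PATTERN = re.compile(r"^(\*|https?)://(\*|(?:\*\.)?[^/*]+)(/.*)$")

def covers(pattern, url):
    """Simplified Chrome match-pattern test: does `pattern` include `url`?"""
    if pattern == "<all_urls>":
        return True
    m = HOST_PATTERN.match(pattern)
    if not m:
        return False  # API permission such as "tabs", not a host pattern
    scheme, host, path = m.groups()
    u_scheme, rest = url.split("://", 1)
    u_host, _, u_path = rest.partition("/")
    if scheme not in ("*", u_scheme):
        return False
    sub = host.startswith("*.")  # "*.x.com" matches x.com and its subdomains
    base = host[2:] if sub else host
    host_ok = host == "*" or u_host == base or (sub and u_host.endswith("." + base))
    path_re = re.escape(path).replace(r"\*", ".*")
    return host_ok and re.fullmatch(path_re, "/" + u_path) is not None

def host_patterns(manifest):
    """Collect candidate host patterns from MV2/MV3 keys and content scripts."""
    pats = []
    for key in ("permissions", "optional_permissions", "host_permissions"):
        pats += manifest.get(key, [])
    for script in manifest.get("content_scripts", []):
        pats += script.get("matches", [])
    return [p for p in pats if isinstance(p, str)]

def audit(manifest):
    """Return findings for one parsed manifest.json (a dict)."""
    findings = []
    name = str(manifest.get("name", "")).lower()
    if BAD_NAME in name and manifest.get("version") == BAD_VERSION:
        findings.append(f"compromised release {BAD_VERSION}")
    for url in WATCHED_URLS:
        hit = next((p for p in host_patterns(manifest) if covers(p, url)), None)
        if hit:
            findings.append(f"{hit} grants access to {url}")
    return findings

# Constructed sample, not the real extension's manifest.
SAMPLE = {"name": "MEGA", "version": "3.39.4", "permissions": ["tabs", "*://*/*"]}
```

Load each `manifest.json` from the browser profile's extensions directory with `json.load` and pass the resulting dict to `audit`. A manifest whose `name` is a localized `__MSG_...__` placeholder will not match the name check, so the host-pattern findings are the more reliable signal.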

Security researchers examined the Firefox version of MEGA.nz and determined that it was clean of malicious behavior.

According to a MEGA.nz blog post, the company’s admins uploaded a clean version of the Chrome extension (3.39.5) four hours after a bad actor uploaded the compromised version. Just an hour after that fix, Google removed the updated extension from its Chrome store.

The MEGA.nz team went on to express regret for the event but not without placing some of the blame on Google for its Chrome extension signing policies:

We would like to apologise for this significant incident. MEGA uses strict release procedures with multi-party code review, robust build workflow (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/compromised-chrome-extension-snooped-on-users-credentials-cryptocurrency-private-keys/
