Compromised Chrome Extension Snooped on Users’ Credentials, Cryptocurrency Private Keys - Security Boulevard
Tuesday, October 26, 2021
  • Thwarting Phishing Threats With Simulations
  • Hysolate Support for Windows 11
  • Can you Become Ransomware-Proof?
  • SECURING THE SOFTWARE SUPPLY CHAIN STARTS WITH A SOFTWARE BILL OF MATERIALS (SBOM)
  • Conti Ransom Gang Starts Selling Access to Victims

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Events
    • Upcoming Events
    • Upcoming Webinars
    • On-Demand Events
    • On-Demand Webinars
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • DevOps Institute
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About Us

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Digital Currency Identity & Access SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » Compromised Chrome Extension Snooped on Users’ Credentials, Cryptocurrency Private Keys

SBN Compromised Chrome Extension Snooped on Users’ Credentials, Cryptocurrency Private Keys

by David Bisson on September 5, 2018

Someone compromised a Google Chrome extension with malicious code designed to snoop on users’ account credentials and cryptocurrency private keys.

DevOps Experience

On 4 September, a security researcher who goes by the name “SerHack” tweeted out a warning about version 3.39.4 of the Chrome extension for MEGA.nz, a cloud storage and file sharing service.

!!! WARNING !!!!!!! PLEASE PAY ATTENTION!!

LATEST VERSION OF MEGA CHROME EXTENSION WAS HACKED.

Version: 3.39.4

It catches your username and password from Amazon, GitHub, Google, Microsoft portals!! It could catch #mega #extension #hacked@x0rz pic.twitter.com/TnPalqj1cz

— SerHack (@serhack_) September 4, 2018

The compromised Chrome extension was capable of monitoring for login form submissions to Amazon, GitHub, Google and Microsoft. As analyzed by Bleeping Computer, it also had the ability to inspect a form submission URL for variables like “username” and “password.” Additionally, the extension monitored for three URL patterns–“https://www.myetherwallet.com/*,” “https://mymonero.com/*,” and “https://idex.market/*”–for the purpose of stealing a user’s cryptocurrency private keys.

This data tracking culminated in the extension sending out any variables and credentials it found to a host based in Ukraine.

Security researchers examined the Firefox version of MEGA.nz and determined that it was clean of malicious behavior.

According to a MEGA.nz blog post, the company’s admins uploaded a clean version of the Chrome extension (3.39.5) four hours after a bad actor uploaded the compromised version. Just an hour after that fix, Google removed the updated extension from its Chrome store.

The MEGA.nz team went on to express regret for the event but not without placing some of the blame on Google for its Chrome extension signing policies:

We would like to apologise for this significant incident. MEGA uses strict release procedures with multi-party code review, robust build workflow (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/compromised-chrome-extension-snooped-on-users-credentials-cryptocurrency-private-keys/

September 5, 2018September 5, 2018 David Bisson Chrome, cryptocurrency, IT Security and Data Protection, Latest Security News, Password
  • ← Semafone Adds Avtex to Channel Partner Portfolio
  • The (ISC)² CAP Exam Updates – October 2018 →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Most Read on the Boulevard

Zuckerberg Accused Personally in Cambridge Analytica Next Shoe
Disable Time Sync NOW—Ugly GPSd Bug Brings Sunday FAILs
Why Not Hold Ransomware Attackers Hostage for a Change?
Understanding and Addressing Insider Threats
U.S. Senate Bill Would Require Digital Signatures for Court Documents
Premium SMS Scam Apps on Play Store | Avast
DEF CON 29 Aerospace Village – Panel: True Story, Hackers In The Aerospace Sector’
CISO Stories Podcast: NotPetya – 45 Minutes and 10,000 Servers Encrypted
CISA Warns of Water, Wastewater Infrastructure Security Threats on Heels of Insider Threat Self-Assessment Tool Release
Human Hacking and Multi-Channel Phishing is Surging

Upcoming Webinars

Tue 26

How to Give Everyone Access to Your Data and Still Keep it Safe

October 26 @ 11:00 am - 12:00 pm
Nov 01

Fixing Hardcoded Secrets the Developer-Friendly Way

November 1 @ 3:00 pm - 4:00 pm
Nov 09

API Security, Privacy and Governance: Shift Left DevOps and DevSecOps?

November 9 @ 12:00 pm - 1:00 pm
Nov 09

Helping People Adopt DevSecOps in the Federal Government (and the Enterprise)

November 9 @ 3:00 pm - 4:00 pm
Nov 18

Modern Ransomware: How We Got Here and Where We’re Going

November 18 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

U.S. Senate Bill Would Require Digital Signatures for Court Documents
Cyberlaw Cybersecurity Data Security Editorial Calendar Governance, Risk & Compliance Identity & Access Industry Spotlight Regulatory Compliance Security Boulevard (Original) 

U.S. Senate Bill Would Require Digital Signatures for Court Documents

October 25, 2021 Stephen Davidson | Yesterday 0
5 Reasons the Public Sector Must Move Away From Legacy IT
Careers Cloud Security Cybersecurity Data Security Governance, Risk & Compliance Industry Spotlight Security Awareness Security Boulevard (Original) Vulnerabilities 

5 Reasons the Public Sector Must Move Away From Legacy IT

October 19, 2021 Jake Madders | Oct 19 0
Empowering the Cybersecurity Workforce
Careers CISO Suite Cybersecurity Industry Spotlight Security Awareness Security Boulevard (Original) 

Empowering the Cybersecurity Workforce

October 18, 2021 Jon Check | Oct 18 0

Top Stories

FTC: ISPs are Spying on You. ISPs: Deal With It.
Analytics & Intelligence Cloud Security Cyberlaw Cybersecurity Data Security Editorial Calendar Featured Governance, Risk & Compliance Incident Response Network Security News Regulatory Compliance Security Awareness Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches 

FTC: ISPs are Spying on You. ISPs: Deal With It.

October 25, 2021 Richi Jennings | Yesterday 0
Menlo Security Survey Sees Orgs Reevaluating Remote Access Strategy
Cloud Security Cybersecurity Data Security Endpoint Featured Identity & Access Mobile Security Network Security News Security Boulevard (Original) Spotlight 

Menlo Security Survey Sees Orgs Reevaluating Remote Access Strategy

October 25, 2021 Michael Vizard | Yesterday 0
Disable Time Sync NOW—Ugly GPSd Bug Brings Sunday FAILs
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security DevOps Editorial Calendar Endpoint Featured Governance, Risk & Compliance Incident Response IoT & ICS Security Mobile Security Network Security News Regulatory Compliance Securing Open Source Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Disable Time Sync NOW—Ugly GPSd Bug Brings Sunday FAILs

October 22, 2021 Richi Jennings | 3 days ago 0

Security Humor

Robert M. Lee's & Jeff Haas' Little Bobby Comic - 'WEEK 352'

Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 352’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • DevOps Institute
  • Techstrong Research
  • Techstrong TV
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
  • Digital Anarchist
Powered by Techstrong Group
Copyright © 2021 Techstrong Group Inc. All rights reserved.