Tuesday, September 18, 2018
  • Secure Messaging for Enhanced Patient Engagement
  • MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’
  • 9 essential cybersecurity tips to protect your small business
  • Tesla key fob issues, Tor Browser zero-day woes, and you’ve got malware!
  • Listen Up! SentinelOne CEO on the Vendor CISO Relationship Podcast

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Data Security Digital Currency Identity & Access SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » Compromised Chrome Extension Snooped on Users’ Credentials, Cryptocurrency Private Keys

Compromised Chrome Extension Snooped on Users’ Credentials, Cryptocurrency Private Keys

by David Bisson on September 5, 2018

Someone compromised a Google Chrome extension with malicious code designed to snoop on users’ account credentials and cryptocurrency private keys.

On 4 September, a security researcher who goes by the name “SerHack” tweeted out a warning about version 3.39.4 of the Chrome extension for MEGA.nz, a cloud storage and file sharing service.

!!! WARNING !!!!!!! PLEASE PAY ATTENTION!!

LATEST VERSION OF MEGA CHROME EXTENSION WAS HACKED.

Version: 3.39.4

It catches your username and password from Amazon, GitHub, Google, Microsoft portals!! It could catch #mega #extension #hacked@x0rz pic.twitter.com/TnPalqj1cz

— SerHack (@serhack_) September 4, 2018

The compromised Chrome extension was capable of monitoring for login form submissions to Amazon, GitHub, Google and Microsoft. As analyzed by Bleeping Computer, it also had the ability to inspect a form submission URL for variables like “username” and “password.” Additionally, the extension monitored for three URL patterns–“https://www.myetherwallet.com/*,” “https://mymonero.com/*,” and “https://idex.market/*”–for the purpose of stealing a user’s cryptocurrency private keys.

This data tracking culminated in the extension sending out any variables and credentials it found to a host based in Ukraine.

Security researchers examined the Firefox version of MEGA.nz and determined that it was clean of malicious behavior.

According to a MEGA.nz blog post, the company’s admins uploaded a clean version of the Chrome extension (3.39.5) four hours after a bad actor uploaded the compromised version. Just an hour after that fix, Google removed the updated extension from its Chrome store.

The MEGA.nz team went on to express regret for the event but not without placing some of the blame on Google for its Chrome extension signing policies:

We would like to apologise for this significant incident. MEGA uses strict release procedures with multi-party code review, robust build workflow (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/compromised-chrome-extension-snooped-on-users-credentials-cryptocurrency-private-keys/

September 5, 2018September 5, 2018 David Bisson 0 Comments Chrome, cryptocurrency, IT Security and Data Protection, Latest Security News, Password
  • ← Semafone Adds Avtex to Channel Partner Portfolio
  • The (ISC)² CAP Exam Updates – October 2018 →
Featured Blog

2 weeks ago

A Brighter Future For DevSecOps? It’s Closer Than You Think

1 month ago

Secure Code Dojo: How to Defeat SQL Injection

2 months ago

Why gamification is the key to leveling up your software security

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

New Android Botnet Pops Up on Malware-as-a-Service Market
IT Security: Bomgar to Become BeyondTrust
China’s MSS Leveraging Students In, From U.S.
Study Finds Mobile Fraud, Threats Soar
Do You Have Security Champions in Your Company?
How to tell if an Android App is safe to install | Avast
Developing Cyber Security Incident Response Plans for Industrial Control Systems
40% of Managers Say Boards Should Oversee Cybersecurity, Survey Shows
BlackBerry Massively Steps Up Security Efforts to Address Threat Storm
8 critical safety tips for safer online banking

Upcoming Webinars

Jun 29

Security as Code

June 29, 2017 @ 1:00 pm - 2:00 pm
Wed 27

Better Training for Better Security

September 27, 2017 @ 1:00 pm - 2:00 pm
Jan 18

Your Resolution for 2018: Five Principles For Securing DevOps

January 18 @ 11:00 am - 12:00 pm
Apr 02

RSA 2018- What’s Hot in the Cyber Security Space

April 2 @ 1:00 pm - 2:00 pm
Feb 12

How Machine Learning & AI Will Improve Cyber Security

February 12 @ 1:00 pm - 2:00 pm
Jan 11

On-Demand Viewing: Is GDPR Getting Ready to Give Your Company the Left Hook?

January 11 @ 8:00 am - 5:00 pm
Feb 22

2018 – The Year Ahead in Cybersecurity

February 22 @ 11:00 am - 12:00 pm
Feb 15

Implementing Secure DevOps: Challenges and Opportunities

February 15 @ 1:00 pm - 2:00 pm
Mar 07

After the Data Breach: Stolen Credentials

March 7 @ 3:00 pm - 4:00 pm
Mar 01

Seven Deadly Saves To Security With Integrations

March 1 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

One Year Later - Lessons Learnt From The Equifax Breach

CISO/Security Vendor Relationship Series

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Do You Have Security Champions in Your Company?
Cybersecurity Industry Spotlight Security Awareness Security Boulevard (Original) 

Do You Have Security Champions in Your Company?

September 18, 2018 Shubham Vashist | 13 hours ago 0
What the Healthcare Industry Needs: Cybersecurity Pros
Cybersecurity Industry Spotlight Network Security Security Boulevard (Original) 

What the Healthcare Industry Needs: Cybersecurity Pros

September 13, 2018 Tom Gilheany | Sep 13 0
Security Gets ‘Baked In’ at VMworld
DevOps Industry Spotlight Security Boulevard (Original) 

Security Gets ‘Baked In’ at VMworld

September 12, 2018 Tim Woods | Sep 12 0

Top Stories

NVR Software Flaw Threatens Thousands of Devices
Featured IoT & ICS Security Network Security News Security Boulevard (Original) Spotlight Vulnerabilities 

NVR Software Flaw Threatens Thousands of Devices

September 18, 2018 Lucian Constantin | 6 hours ago 0
IT Security: Bomgar to Become BeyondTrust
Cybersecurity Featured Identity & Access News Spotlight 

IT Security: Bomgar to Become BeyondTrust

September 14, 2018 Michael Vizard | 4 days ago 0
New Android Botnet Pops Up on Malware-as-a-Service Market
Featured IoT & ICS Security Malware Mobile Security News Security Boulevard (Original) Spotlight Vulnerabilities 

New Android Botnet Pops Up on Malware-as-a-Service Market

September 14, 2018 Lucian Constantin | 4 days ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.