Thursday, August 22, 2019
  • Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards
  • 2019 Data Breaches: On Track to Be the Worst Year
  • Hosted RADIUS
  • BEC Attacks: How CEOs and Executives are Put at Risk
  • Building Microservice Architecture on Kubernetes

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Digital Currency Identity & Access SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » Compromised Chrome Extension Snooped on Users’ Credentials, Cryptocurrency Private Keys

Compromised Chrome Extension Snooped on Users’ Credentials, Cryptocurrency Private Keys

by David Bisson on September 5, 2018

Someone compromised a Google Chrome extension with malicious code designed to snoop on users’ account credentials and cryptocurrency private keys.

On 4 September, a security researcher who goes by the name “SerHack” tweeted out a warning about version 3.39.4 of the Chrome extension for MEGA.nz, a cloud storage and file sharing service.

!!! WARNING !!!!!!! PLEASE PAY ATTENTION!!

LATEST VERSION OF MEGA CHROME EXTENSION WAS HACKED.

Version: 3.39.4

It catches your username and password from Amazon, GitHub, Google, Microsoft portals!! It could catch #mega #extension #hacked@x0rz pic.twitter.com/TnPalqj1cz

— SerHack (@serhack_) September 4, 2018

The compromised Chrome extension was capable of monitoring for login form submissions to Amazon, GitHub, Google and Microsoft. As analyzed by Bleeping Computer, it also had the ability to inspect a form submission URL for variables like “username” and “password.” Additionally, the extension monitored for three URL patterns–“https://www.myetherwallet.com/*,” “https://mymonero.com/*,” and “https://idex.market/*”–for the purpose of stealing a user’s cryptocurrency private keys.

This data tracking culminated in the extension sending out any variables and credentials it found to a host based in Ukraine.

Security researchers examined the Firefox version of MEGA.nz and determined that it was clean of malicious behavior.

According to a MEGA.nz blog post, the company’s admins uploaded a clean version of the Chrome extension (3.39.5) four hours after a bad actor uploaded the compromised version. Just an hour after that fix, Google removed the updated extension from its Chrome store.

The MEGA.nz team went on to express regret for the event but not without placing some of the blame on Google for its Chrome extension signing policies:

We would like to apologise for this significant incident. MEGA uses strict release procedures with multi-party code review, robust build workflow (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/compromised-chrome-extension-snooped-on-users-credentials-cryptocurrency-private-keys/

September 5, 2018September 5, 2018 David Bisson Chrome, cryptocurrency, IT Security and Data Protection, Latest Security News, Password
  • ← Semafone Adds Avtex to Channel Partner Portfolio
  • The (ISC)² CAP Exam Updates – October 2018 →

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

IoT Security: It’s Time Enterprises Take Responsibility
Texas Does Ransomware Bigger: 23 Local Gov’ts Attacked
Biometrics, Facial Recognition, Privacy, Security and the Law
Personality Traits: Key to More Effective Security Training?
Chinese Accounts Punted Off Twitter, Facebook for Dissing Hong Kong
Lauded Nigerian Entrepreneur may be a BEC Yahoo Boy
Patching the Iron Tail Is Easier Said Than Done
Biometric Security Data Breach, Critical Windows Vulnerabilities, FBI Data Harvesting
The rise of hybrid cloud poses new security challenges – are you prepared?
Safe-T SDP- Why Rip and Replace your VPN?

Upcoming Webinars

Sep 05

Automating Container Security with AWS and Lacework

September 5 @ 2:00 pm - 3:00 pm
Sep 23

The Next Generation of Application Security

September 23 @ 1:00 pm - 2:00 pm
Oct 21

Open Source Security – Weighing the Pros and Cons

October 21 @ 1:00 pm - 2:00 pm
Nov 11

Trends in Threat Analysis

November 11 @ 1:00 pm - 2:00 pm
Dec 09

Cloud Security – Keeping Serverless Data Safe

December 9 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

Speed and Scale: How Machine Identity Protection is Crucial for Digital Transformation and DevOps

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Side-Channel Attacks: Cyber Warfare’s New Battleground
Cybersecurity Industry Spotlight Security Boulevard (Original) Threat Intelligence 

Side-Channel Attacks: Cyber Warfare’s New Battleground

August 22, 2019 Bill Conner | Yesterday 0
Rating: How Current Cybersecurity Issues Can Affect Future Profitability
Cybersecurity Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) 

Rating: How Current Cybersecurity Issues Can Affect Future Profitability

August 21, 2019 Jody Paterson | 1 day ago 0
The Journey of Securing a Long-Tail Supply Chain
Cybersecurity Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) 

The Journey of Securing a Long-Tail Supply Chain

August 20, 2019 Greg Sim | 2 days ago 0

Top Stories

MoviePass Spills Card Info and Passwords From Unsecured Database
Application Security Cloud Security Cybersecurity Data Security Featured News Security Boulevard (Original) Spotlight 

MoviePass Spills Card Info and Passwords From Unsecured Database

August 22, 2019 Richi Jennings | Yesterday 0
Box Shield Embeds Security Controls in Document Service
Cloud Security Cybersecurity Featured News Security Boulevard (Original) Spotlight 

Box Shield Embeds Security Controls in Document Service

August 21, 2019 Michael Vizard | 1 day ago 0
Texas Does Ransomware Bigger: 23 Local Gov’ts Attacked
CISO Suite Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Malware News Security Boulevard (Original) Social Engineering Spotlight Threats & Breaches Vulnerabilities 

Texas Does Ransomware Bigger: 23 Local Gov’ts Attacked

August 19, 2019 Richi Jennings | 3 days ago 0

Security Humor

via   the Comic Noggins of  Nitrozac  and  Snaggy  at  The Joy of Tech®

The Joy of Tech®, ‘When They Change The Coffee Lids…’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

WAF Signal Sciences application firewall security

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.