Skip to main content

Another Chrome Extension Is Stealing Passwords

By September 18, 2018June 3rd, 2022Cybersecurity

Do you use the Chrome browser extension for the MEGA file storage service? If you do, please read this article carefully. The official extension for that service has been compromised. It has been replaced with a malware version that has the capability to steal user login data for a number of popular websites, including Github, Google, Amazon, Microsoft and more.

The extension was compromised on September 4th, when an unknown attacker breached MEGA’s Chrome Web Store account and uploaded the poisoned version of the extension. Any user who installs it is at risk of having their other login credentials stolen.

It gets worse. If you allow auto-updates, then the poisoned version of the extension would have automatically “updated” on your PC or smartphone when the malware was uploaded. Note that when the extension attempted to update, it would have asked users for elevated permissions. Those elevated permissions would allow the extension access to personal information, which is the mechanism by which the credentials are stolen.

The poisoned file was in place for a total of four hours before it was found, eradicated and replaced by a clean version (version 3.39.5).

According to MEGA:

“You are only affected if you had the MEGA Chrome extension installed at the time of the incident, auto update enabled, and you accepted the additional permission, or if you freshly installed version 3.39.4.”

If you think there’s even a chance you were impacted by this event, your best bet would be an across-the-board change of all your passwords, as there’s no way to be sure which ones may have been compromised.

Two things to note here: The Firefox extension was not impacted. This applies only to chrome users who have the MEGA extension installed. Also, you should check your extension version number immediately to be sure you’re not running version 3.39.4. If you are, uninstall it immediately and grab the clean version referenced above.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.