Discover what’s new in Lansweeper – Explore our 2024 Summer Launch! 🚀 Learn more

TRY NOW
Vulnerability

MEGA Chrome Extension Hacked To Steal Private Keys And Passwords

1 min. read
06/09/2018
By Lansweeper
MegaChrome Extension Blog

Discover devices vulnerable to the MEGA Chrome extension hack

The popular Google Chrome Extension MEGA ( with over 1.700.000 users) was recently hacked and modified in order to steal your credentials and cryptocurrencies. “On 4 September 2018 at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA’s Chrome extension, version 3.39.4, to the Google Chrome webstore. Upon installation or autoupdate, it would ask for elevated permissions (Read and change all your data on the websites you visit) that MEGA’s real extension does not require and would (if permissions were granted) exfiltrate credentials for sites including amazon.com, live.com, github.com, google.com (for webstore login), myetherwallet.com, mymonero.com, idex.market and HTTP POST requests to other sites, to a server located in Ukraine.” reads to the official statement on MEGA’s website. To help you discover whether your network environment might have been compromised, we have created the MEGA-report to help you find devices with the extension installed. Instructions on how to find affected devices can be found in this step-by-step guide.
NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.