MEGA Chrome Extension Hacked To Steal Private Keys And Passwords

MegaChrome Extension Blog

Discover devices vulnerable to the MEGA Chrome extension hack

The popular Google Chrome Extension MEGA ( with over 1.700.000 users) was recently hacked and modified in order to steal your credentials and cryptocurrencies.

"On 4 September 2018 at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA's Chrome extension, version 3.39.4, to the Google Chrome webstore. Upon installation or autoupdate, it would ask for elevated permissions (Read and change all your data on the websites you visit) that MEGA's real extension does not require and would (if permissions were granted) exfiltrate credentials for sites including,,, (for webstore login),,, and HTTP POST requests to other sites, to a server located in Ukraine." reads to the official statement on MEGA's website.

To help you discover whether your network environment might have been compromised, we have created the MEGA-report to help you find devices with the extension installed.

Instructions on how to find affected devices can be found in this step-by-step guide.

You may also like...

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.‚Äč