Google Chrome Browser Extension is being hacked - Share it now to stop propagation....!!!

VARINDIA- INDIA'S FRONTLINE IT MAGAZINE

Google Chrome Browser Extension is being hacked - Share it now to stop propagation....!!!
Warning ! If you are using Chrome browser extension from the MEGA file storage service, uninstall it right now.

The most popular Mega chrome extension is being hacked by an attacker's server located at megaopac host in Ukraine and replaced with a bundle of PUP Malware for Stealing your Security Information

Most of us are popular with the chrome browser and it occupies 59% Browser share world wide with complairsion to other browsers like Internet Explorer, Safari, Firefox and Opera.Google's strong marketing strategy for Chrome certainly contributed (and continues to contribute) to the browser's success. Besides actively stimulating interest in Chrome through marketing, Google's own credibility and reputation passively attract attention to Chrome. Chrome itself famous for its Simplicity and Technologies. Chrome wants the user to focus on the web content without distraction from the browser's UI.

But two days ago, on 4th of September an insightful PUP ( Potentially Unwanted Programs) attack happend to the Mega Chrome Extension globally. Basically the Mega Chrome chrome extension (from Mega.nz) supports file hosting and sharing services, which has been compromised by an attacker who uploaded a malicious version of MEGA's Chrome extension, version 3.39.4, to the Google Chrome web store. This PUP enabled malicious version is capable of stealing users' credentials for popular websites like Amazon, Microsoft, Github, and Google, as well as private keys for user’s cryptocurrency wallets and other bankers Information.

The official Twitter account of Monero (XMR) also posted a warning about the incident, saying that the malicious MEGA extension also includes functionality to steal Monero cryptocurrency and advising Monero holders to stay away from the extension. This hack was first discovered by SerHack, a security researcher and contributor to the Monero project, who immediately tweeted a warning that the 3.39.4 version of the MEGA Chrome extension was hacked.  Other security researchers quickly jumped into analyzing the extension and reporting their findings.

Although the company has not revealed the number of users affected by the security incident, it is believed that the malicious version of the MEGA Chrome extension may have been installed by tens of millions of users.

The Firefox version of MEGA has not been impacted or tampered with, and users accessing MEGA through its official website (https://mega.nz) without the Chrome extension are also not affected by the breach.

How it Penetrates :
During installation or auto-update, Mega would ask users to allow additional permission that would allow it to steal credentials from sites like Amazon, Github, and Google, along with online wallets such as MyEtherWallet and MyMonero in a freaky way.  If users had accepted the additional permissions or had auto-update enabled the malicious version will get downloaded thus compromising the entire personal information of the users. 

According to the researchers, only those users are affected who already had the MEGA Chrome extension installed at the time of the incident, auto update enabled, and they accepted the additional permission, or if users had freshly installed version 3.39.4.

The trojanized Mega extension then sent all the stolen information back to an attacker's server located at megaopac host in Ukraine, which is then used by the attackers to log in to the victims' accounts, and also extract the cryptocurrency private keys to steal users' digital currencies.

The Buttom Line : How to be Safe ???

Comments

Post a Comment

Popular posts from this blog

N Chandrasekaran appointed chairman of Tata Sons

Image
The board of directors of Tata Sons, at its meeting has unanimously appointed N Chandrasekaran as executive chairman, Tata Sons. N Chandrasekaran shall take charge from February 21, 2017. The board of Tata Sons said, “Chandrasekaran has demonstrated exemplary leadership as the chief executive officer and managing director, Tata Consultancy Services. We believe he will now inspire the entire Tata group to realise its potential acting as leaders in their respective businesses, always in keeping with our value system and ethics and adhering with the practices of the Tata group which have stood it in good stead.” Chandrasekaran was the chief executive officer and managing director of Tata Consultancy Services since 2009. A Tata lifer, he had joined the company in 1987 and was appointed as a director on the board of Tata Sons on October 25, 2016.
Read more

DoT Secretary hints at making Draft NTP 2018 available in public domain soon

Image
“A draft National Telecom Policy 2018 that is liberal and non-prescriptive in its licensing approach in Machine to Machine (M2M) communication is being given final touches. The policy should be in the public domain in the next two to three weeks for discussion and responses from stakeholders,” said Aruna Sundararajan, Secretary, Department of Telecom, Ministry of Communications. Aruna Sundararajan said, “M2M is the next big opportunity for India in terms of its impact and the quantum change that it will bring about in the quality of services and delivery. The favourable impact of M2M on job creation had already set in as seen by the arrival of the first set of start-ups in the areas such as agriculture, smart cities, healthcare and water management.” She stressed that NTP 2018 would be transformative in harnessing the full benefits of M2M communications. She further said that in the M2M framework the focus would be on low-cost manufacturing, where exciting innovatio
Read more

Visa buys NFT based CryptoPunk and paid $150,000 in Etherium

Image
Visa buys NFT based CryptoPunk and paid $150,000 in Etherium:  Leader in the digital payments   Visa   has purchased a digital CryptoPunk for $150,000, marking the company's first ever   NFT   purchase. The deal is clearly shows that, Visa is stepping into the world of NFTs with its purchase of   CryptoPunk 7610 .   Going forward, NFTs and Visa to align and integrate them in new brand strategy to gain a sizable market share. However, NFTs have often been compared to physical collectible items like rare trading cards and works of art.   The CryptoPunk 7610, which feBlatures a female punk with a mohawk and large green eyes. "We envision there could be a future where your crypto address becomes as important as your mailing address," Visa's Head of Crypto said.   An NFT - which stands for non-fungible token - is a unique digital asset designed to represent ownership of a virtual item. Unlike bitcoin and other cryptocurrencies, NFTs can’t be exchanged like-for-like with an
Read more