Monero Cautions Vulnerability in MEGA Chrome September 6, 2018

The team behind Monero (XMR), a cryptocurrency focused on privacy and anonymity, has cautioned users that the recently published MEGA Chrome extension has been compromised, leaving Monero tokens and other private data vulnerable to pilferage.

The MEGA Chrome extension (version 3.39.4) offers an improved browsing experience while reducing the loading time of web pages. It also offers a cloud storage system, but leaves the cryptocurrency exposed to hackers. Both Monero and users who have been compromised have announced the vulnerability.

A Reddit user has claimed that the updated version behaves in a suspicious manner.

“There was an update to the extension and Chrome asked for new permission (read data on all websites). That made me suspicious and I checked the extension code locally (which is mostly JavaScript anyways). MEGA also has the source code of the extension on GitHub… There was no commit recently. To me it looks either their Google Webstore account was hacked or someone inside MEGA did this. Pure speculation though.”
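The check the Reddit user describes, a new permission request appearing with an update, can be automated by diffing the `manifest.json` of two extension versions. The following is an added example, not code from the article, MEGA, or Monero; the function names and both sample manifests are constructed for illustration.

```javascript
// Added example: sample manifests below are constructed, not MEGA's real files.
const BROAD_HOSTS = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);

// Collect every permission an extension requests at install/update time.
// Manifest V2 mixes API and host permissions in "permissions";
// Manifest V3 moves host patterns to "host_permissions".
function requestedPermissions(manifest) {
  const perms = new Set([
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
  ]);
  // Content scripts get page access through their own "matches" patterns.
  for (const cs of manifest.content_scripts || []) {
    for (const pattern of cs.matches || []) perms.add(pattern);
  }
  return perms;
}

// Compare two versions and report what the update newly asks for.
function diffPermissions(oldManifest, newManifest) {
  const before = requestedPermissions(oldManifest);
  const after = requestedPermissions(newManifest);
  const added = [...after].filter((p) => !before.has(p)).sort();
  const removed = [...before].filter((p) => !after.has(p)).sort();
  // An update that suddenly wants every site deserves a code review.
  const broadHostAdded = added.filter((p) => BROAD_HOSTS.has(p));
  return { added, removed, broadHostAdded, suspicious: broadHostAdded.length > 0 };
}

// Constructed sample manifests (hypothetical extension and versions).
const sampleOld = {
  manifest_version: 2, name: 'Example Cloud Extension', version: '1.0.0',
  permissions: ['storage', 'https://cloud.example/*'],
};
const sampleNew = {
  manifest_version: 2, name: 'Example Cloud Extension', version: '1.0.1',
  permissions: ['storage', 'webRequest', 'https://cloud.example/*', '<all_urls>'],
  content_scripts: [{ matches: ['*://*/*'], js: ['content.js'] }],
};

console.log(diffPermissions(sampleOld, sampleNew));
```

A flagged update is a prompt to compare the shipped code against the published source, as the user did, not proof of compromise on its own.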

The Chrome Web Store has removed the extension after reports about compromised systems surfaced on the internet. Presently, the download link shows a 404 error.



PSA: The official MEGA extension has been compromised and now includes functionality to steal your Monero: https://t.co/vzWwcM9E5k — Monero || #xmr (@monero) September 4, 2018



Hackers often target Monero because of the privacy features it offers. A few months before, over 200,000 routers were exploited in a cryptojacking incident targeting Monero. Furthermore, there have been several reports of malware using computing power without authorization to mine Monero. The cryptocurrency is often the choice of hackers because of its proof-of-work consensus algorithm, CryptoNight, which is designed to run smoothly on consumer CPUs.