MEGA Chrome Extension Compromised to Steal Users' Monero

The MEGA Chrome extension version 3.39.4 has been compromised and can now steal user's Monero in addition to other sensitive information, according to recent posts on Twitter and Reddit.

MEGA Chrome extension is a tool that claims to improve browser performance by reducing page loading times, in addition to providing a secure cloud storage service.

The official Twitter account of Monero posted a warning, advising XMR holders to steer clear of MEGA.PSA: The official MEGA extension has been compromised and now includes functionality to steal your Monero: https://t.

Monero || #xmr September 4, 2018 Another user tweeted that, in addition to Monero, the extension could also steal sensitive user data.

"There was an update to the extension and Chrome asked for new permission. That made me suspicious and I checked the extension code locally. MEGA also has the source code of the extension on github [] There was no commit recently. To me it looks either their Google Webstore account was hacked or someone inside MEGA did this. Pure speculation though."

At press time, the MEGA Chrome extension was unavailable for download on the Chrome Webstore.

Clicking the link for the extension resulted in a 404 error.

In several instances, cryptojackers have used the computer power of web visitors to secretly mine XMR. In June, a McAfee report found 2.9 million samples of coin miner malware, which works by using Coinhive code - a program designed to mine XMR on a web browser.

The hackers were hijacking machines to mine XMR and Zcash, among other cryptocurrencies.

Total earnings were estimated to be $209,000 for Monero alone.