Of the many features that make Google Chrome the mode-popular web browser in the world, extensions are probably the most important. These functionality-enhancing add-ons allow you to edit photos, listen to music, block ads, and do a lot more. Generally, extensions downloaded from Chrome s Web Store are safe and secure, but sometimes, things can go south. Also Read - A nasty malware is affecting Google Chrome, other browsers, warns MicrosoftAlso Read - Google Chrome OS 87 rollout begins, here are all the features it offers Also Read - Google confirms a fix for Chrome crashing issue on Apple Macs with M1 chip
In one such incident, popular cloud storage and file-hosting service Mega.nz had its Google Chrome extension compromised by hackers. The miscreants uploaded a malicious version of the extension to the Chrome Web Store, with the intention of stealing users login credentials for different online accounts.
Warning users about the incident, a blog post on Mega.nz s website noted, On 4 September 2018 at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA’s Chrome extension, version 3.39.4, to the Google Chrome webstore. Upon installation or auto-update, it would ask for elevated permissions (Read and change all your data on the websites you visit) that MEGA’s real extension does not require and would (if permissions were granted) exfiltrate credentials for sites including amazon.com, live.com, github.com, google.com (for webstore login), myetherwallet.com, mymonero.com, idex.market and HTTP POST requests to other sites, to a server located in Ukraine. Note that mega.nz credentials were not being exfiltrated.
Watch: Microsoft Surface Book 2 First Look
It s worth mentioning that only those users who had Mega s extension installed and configured to automatically update have been affected. The service has advised all those users to update their credentials on all websites/services that they access via Google Chrome.
Thankfully, Mega.nz updated the extension with a clean version (3.39.5), automatically updating affected installations. Just a little after that, Google removed the hacked extension from the Chrome Web Store.
When we checked ourselves, a new version (3.40.1) of the extension, updated on September 6, 2018, is available on the Chrome Web Store.