If the extension detected any of these form submissions or data variables, it would send the credentials and variables values to a host in Ukraine called. It would perform monitoring of any form submission where the URL contains the strings Register or Login or variables exist that are named “username”, “email”, “user”, “login”, “usr”, “pass”, “passwd”, or “password”. The hijacked MEGA extension then sent all the stolen information back to an attacker’s server located in Ukraine, which is then used by the attackers to log in to the victims accounts, and also extract the crypto currency private keys to steal user digital currencies.Īlthough the company has not revealed the number of users affected by the security incident, it is believed that the malicious version of the MEGA Chrome extension may have been installed by tens of millions of users. When installed the extension will monitor for specific login form submissions to Amazon, Microsoft, GitHub, and Google.
On 4 September at 14:30 UTC, an unknown attacker managed to hack into MEGA’s Google Chrome web store account and uploaded a malicious version 3.39.4 to the web store. A list of the target services includes the following: The Firefox version of MEGA has not been impacted or tampered with, and users accessing MEGA through its official website () without the Chrome extension are also not affected by the breach.Īll extracted information will be immediately reported to a hacker-controlled server located in Ukraine. As of January 20, 2018, Mega has 100 million registered users in more than 245 countries and territories, and more than 40 billion files have been uploaded to the service. This prevents anyone from accessing the files without knowledge of the pass key used for encryption. Mega is known for its security feature where all files are end-to-end encrypted locally before they are uploaded.
#Megasync google chrome android
Mega mobile apps are also available for Windows Phone, Android and iOS. The service is offered primarily through web-based apps. MEGA is a cloud storage and file hosting service offered by Mega Limited, a New Zealand-based company.
0 kommentar(er)
