Hackers Replace MEGA Chrome Extension with Trojanized Version

Users of the Mega.nz file hosting and sharing service were targeted through a supply chain attack in which hackers replaced the company’s official Chrome extension with a malicious version. The attack happened Sept. 4 at 14:30 UTC (10:30 a.m. EST), when MEGA’s Chrome extension was updated to version 3.39.4 on the Google Chrome Web Store. The update was not pushed by MEGA itself, but by hackers, and the new version contained code designed to steal people’s login credentials on various websites, including amazon.com, live.com, github.com, google.com, myetherwallet.com, mymonero.com and idex.market.

View Full Story

ORIGINAL SOURCE: Security Boulevard