Wednesday 5 September 2018

MEGA Warns Against An Infected Chrome Extension That Steals Data



The popular cloud storage service MEGA has warned users of an infected version of its own Chrome extension that was distributed through the official download channel and tried to steal all kinds of user data. According to MEGA, the cloud storage service of internet entrepreneur Kim Dotcom, an attacker gained access to the company's official Chrome Web Store account.

The attacker then placed an infected version of the MEGA Chrome extension in the Web Store, where it was automatically offered to existing users. This version required permission to read data on all websites. As soon as users granted this permission, the extension tried to steal private keys for cryptocurrency wallets and user names and passwords for Amazon, GitHub, Google and Microsoft accounts.

After five hours, the infected Chrome extension was removed from the Chrome Web Store by Google. MEGA states that it has initiated an investigation to find out how the Web Store account could be taken over. The cloud storage service also takes aim at Google because it does not allow developers to sign their Chrome extensions. The extensions are now automatically signed after being uploaded to the Chrome Web Store. According to MEGA, this removes an important safeguard against attackers.

Before MEGA issued the warning, Jeremy Nation of MetaCert had already published an analysis of the infected extension. It is not the first time that attackers have gained access to the Web Store account of an extension developer and then distributed an infected update or version. At the end of last year, eight Chrome extensions were discovered to have been hacked, with adware installed for their 4.6 million users. The attackers had been able to obtain the login data for the Web Store through phishing attacks.
