The MEGA Chrome extension version 3.39.4 has been compromised and can now steal user’s Monero in addition to other sensitive information, according to recent posts on Twitter and Reddit. MEGA Chrome extension is a tool that claims to improve browser performance by reducing page loading times, in addition to providing a secure cloud storage service.
PSA: The official MEGA extension has been compromised and now includes functionality to steal your Monero: https://t.co/vzWwcM9E5k
— Monero || #xmr (@monero) September 4, 2018
Another user tweeted that, in addition to Monero, the extension could also steal sensitive user data.
!!! WARNING !!!!!!! PLEASE PAY ATTENTION!!
LATEST VERSION OF MEGA CHROME EXTENSION WAS HACKED.
— SerHack (@serhack_) September 4, 2018
At press time, the MEGA Chrome extension was unavailable for download on the Chrome Webstore. Clicking the link for the extension resulted in a 404 error.
XMR, which — despite some claims to the contrary — is lauded as a private and “untraceable” cryptocurrency, has been the target of illicit and illegal activities in the crypto space.
In several instances, cryptojackers have used the computer power of web visitors to secretly mine XMR. In June, a McAfee report found 2.9 million samples of coin miner malware, which works by using Coinhive code — a program designed to mine XMR on a web browser.
In September last year, Cointelegraph reported that a group of Russian hackers installed crypto mining malware on 9,000 computers over the course of two years. The hackers were hijacking machines to mine XMR and Zcash (ZEC), among other cryptocurrencies. Total earnings were estimated to be $209,000 for Monero alone.
XMR is the tenth biggest cryptocurrency, with market capitalization of over $2 billion at press time. The cryptocurrency is currently trading over $138, having gained 0.47 percent over the last 24 hours according to CoinMarketCap.