Some of Our Sources
- BoingBoing
- Team Treehouse
- Just Creative
- You The Designer
- Web Designer Depot
- Noupe
- Reencoded
- Wal You
- Design Modo
- Dev To
Help Webnuz
Referal links:
September 5, 2018 06:42 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/hN3TsMIh1xw/official-chrome-extension-of-cloud-storage-service-mega-caught-stealing-passwords-cryptocu
Official Chrome Extension of Cloud Storage Service Mega Caught Stealing Passwords, Cryptocurrency Private Keys
The official Chrome extension for the MEGA.nz file sharing service has been compromised with malicious code that steals usernames and passwords, but also private keys for cryptocurrency accounts, ZDNet reports. From the report: The malicious behavior was found in the source code of the MEGA.nz Chrome extension version 3.39.4, released as an update earlier today. Google engineers have already intervened and removed the extension from the official Chrome Web Store, and also disabled the extension for existing users. According to an analysis of the extension's source, the malicious code triggered on sites such as Amazon, Google, Microsoft, GitHub, the MyEtherWallet and MyMonero web wallet services, and the IDEX cryptocurrency trading platform. The malicious code would record usernames, passwords, and other session data that attackers would need to log in and impersonate users. If the website managed cryptocurrency, the attacker would also extract the private keys needed to access users' funds.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/hN3TsMIh1xw/official-chrome-extension-of-cloud-storage-service-mega-caught-stealing-passwords-cryptocu
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot