[WARNING]: MEGA Chrome Extension is Compromised: Remove the Extension NOW


If you use the official MEGA Chrome extension, then you need to stop using that extension immediately. The extension is stealing login usernames and passwords for crypto-related accounts.

The issue was spotted by /u/SamsungGalaxyPlayer, who posted the news on /r/cryptocurrency earlier today. However, major crypto companies have also been tweeting about the issue since news broke earlier today.

“If you use the official MEGA Chrome extension, please stop using it immediately. It includes functionality to collect login usernames and passwords for many common websites.”

MEGA is a popular cloud backup extension that allows users to get 50 GB of free storage space. Earlier today, an update was pushed to Chrome users. This update contains malware that will steal account information – including your social media accounts and crypto accounts.

Some of the websites affected by the attack include:

  • Google
  • Facebook
  • MyEtherWallet
  • MyMonero
  • GitHub
  • Microsoft Live / OneDrive

If you use the extension in Chrome, and you’ve logged into the above services recently, then you need to remove the extension immediately and change your passwords.

The MEGA Chrome extension sends your data to a server at hxxxs://www.megaopac dot host/

The issue specifically affects version 3.39.4 of the MEGA Chrome extension. This issue is limited to Chrome and the Firefox version of the extension has not been compromised.

If you believe your account information has been compromised, then consider doing more than just changing your passwords. Move funds from any compromised accounts.

Better yet, if you’re accessing sensitive information on the internet, then consider avoiding any Chrome extension that requires permission to read browsing data. When you give an extension permission to read browsing data, you’re effectively giving away everything you do online. Extensions with this permission even have the ability to record keystrokes along with your browsing history. Even if you trust the company that developed the extension, the extension can always be compromised – say, by a rogue employee or someone with access to the extension’s listing.

As of 4pm EST, the MEGA Chrome extension has been removed from the Google Chrome webstore.

Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter

Add comment

E-mail is already registered on the site. Please use the Login form or enter another.

You entered an incorrect username or password

Sorry, you must be logged in to post a comment.
Bitcoin Exchange Guide