The developers behind Monero (XMR) warned its users that a recent MEGA Chrome extension featured a very serious vulnerability which can enable hackers to steal Monero tokens and other sensitive data.
The MEGA Chrome extension has been found to be compromised, which can allow an attacker to steal a user’s Monero as well as other important data Amazon, Live.com, Github.com, and Google’s webstore, according to posts made by Twitter and Reddit users.
The MEGA Chrome (version 3.39.4) claims to offer an improved browsing experience by reducing the loading time of web pages. It also features a cloud storage system, which claims to be secure but now it has been found out it is vulnerable to attacks. Both Monero and the users that have noticed the vulnerability have posted online about it.
A Reddit user pointed out that the updated version was manifesting in a suspicious behavior.
Chrome Webstore has since taken down the extension after the vulnerability surfaced on the internet. Momentarily, the download link displays a 404 error.
“PSA: The official MEGA extension has been compromised and now includes functionality to steal your Monero: https://www.reddit.com/r/Monero/comments/9cx7cc/dont_use_mega_chrome_extension_version_3394/ …”
Monero is often targeted by hackers due to the privacy features it presents. A few months prior to this event, more than 200,000 routers were compromised by a cryptojacking case which targeted Monero. There have also been various reports of malevolent malware by stealing computing power for mining Monero coins.
The crypto coin is often targeted by hackers due to its proof-of-work consensus algorithm, CryptoNight, which was developed to work seamlessly on consumer CPUs.