The MEGA Chrome extension version 3.39.4 has been compromised and can now steal user’s Monero in addition to other sensitive information, according to recent posts on Twitter and Reddit. MEGA Chrome extension is a tool that claims to improve browser performance by reducing page loading times, in addition to providing a secure cloud storage service.
The official Twitter account of Monero (XMR) posted a warning, advising XMR holders to steer clear of MEGA.
Another user tweeted that, in addition to Monero, the extension could also steal sensitive user data.
Redditor u/gattacus posted on Monero’s official Reddit page that they became suspicious of foul play following a request for new permission following an extension update:
At press time, the MEGA Chrome extension was unavailable for download on the Chrome Webstore. Clicking the link for the extension resulted in a 404 error.
XMR, which — despite some claims to the contrary — is lauded as a private and “untraceable” cryptocurrency, has been the target of illicit and illegal activities in the crypto space.
In several instances, cryptojackers have used the computer power of web visitors to secretly mine XMR. In June, a McAfee report found 2.9 million samples of coin miner malware, which works by using Coinhive code — a program designed to mine XMR on a web browser.
In September last year, Cointelegraph reported that a group of Russian hackers installed crypto mining malware on 9,000 computers over the course of two years. The hackers were hijacking machines to mine XMR and Zcash (ZEC), among other cryptocurrencies. Total earnings were estimated to be $209,000 for Monero alone.
XMR is the tenth biggest cryptocurrency, with market capitalization of over $2 billion at press time. The cryptocurrency is currently trading over $138, having gained 0.47 percent over the last 24 hours according to CoinMarketCap.