A lot of Chrome browser extensions have caused problems over the years. Google recently removed the official MEGA extension because it was mining Monero through the users’ computing resources. It is another example of how criminals will continue to explore options to earn cryptocurrencies in nefarious ways.
The MEGA Chrome Extension Debacle
A lot of users may be surprised the MEGA Chrome extension still existed. After the platform has become far less popular in terms of accessing copyrighted content, the need for MEGA’s services has also diminished. Even so, there are still thousands of people accessing this file hosting service, primarily through the native Chrome browser extension. Unfortunately, it seems this project has met its demise once and for all.
Several days ago, it became apparent the MEGA Chrome extension was used to mine Monero. This is not a decision by the original developers, by the look of things, but rather an example of a legitimate extension being hijacked. It also shows how easy it can be for developers to create nefarious applications which tend to get approved and listed in the Chrome Web Store.
PSA: The official MEGA extension has been compromised and now includes functionality to steal your Monero: https://t.co/vzWwcM9E5k
— Monero || #xmr (@monero) September 4, 2018
Thankfully, Google took swift action and removed the extension accordingly. It is the only viable course of outcome in this regard, as there seems to be no way of restoring the application to an earlier version. It is also unclear if only the latest version of the Chrome extension was compromised, albeit that seems to be the case based on the current evidence. Anyone who has this extension installed needs to either disable or remove it altogether.
Under the hood, the compromised MEGA extension seems to rely on CoinHive to mine Monero. This has become a rather common trend among criminals looking to obtain cryptocurrencies through less than legal means. In the case of the MEGA Extension, it began mining as soon as it was installed. Moreover, the extension scraped usernames and passwords pertaining to MyEtherWallet and MyMonero, among other sites.
It is unfortunate Monero and other cryptocurrencies get an even worse reputation through Chrome extensions such as this one. Although no real damage has been done in the process – according to current information – it is evident criminals will continue to explore every option at their disposal. Combating such trends will be very difficult, as it remains an ongoing struggle.