Researchers Find Malicious Monero Miner in Google Play

The miner wasn't hidden: it was supposed to send XMR to the user's wallet, but sent it to the scammers' wallet instead
13 March 2018

A Monero mining application with a "defect" was found in the Google Play app store. Monero Miner did the job it advertised and really mined the cryptocurrency, using the computing power of Android devices, but their owners did not become any richer from it. This was reported by the antivirus company ESET.

The mined XMR coins were sent to the scammers' addresses, not the users'.

The general mining fever helps scammers. Some of them hide the function of mining in their mobile applications for hidden mining using the users' devices. Others, on the contrary, specifically develop applications to deceive novice miners. 
 

Sergey Kuznetsov

Head of the technical support department,  ESET Russia products and services

To date, the application has been removed from Google Play. Before that, up to 50,000 users could have installed it.

Scammers Replace MEGA Extension to Steal Crypto

MEGA is a popular file exchange service; scammers were able to replace its official Google Chrome extension
05 September 2018

The popular file-sharing service MEGA reported a hacker attack. Attackers managed to replace the service's official Chrome extension and collect data on users' cryptocurrency wallets.

On 4 September 2018 at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA's Chrome extension, version 3.39.4, to the Google Chrome webstore. Upon installation or autoupdate, it would ask for elevated permissions (Read and change all your data on the websites you visit) that MEGA's real extension does not require and would (if permissions were granted) exfiltrate credentials for sites including amazon.com, live.com, github.com, google.com (for webstore login), myetherwallet.com, mymonero.com, idex.market and HTTP POST requests to other sites, to a server located in Ukraine. Note that mega.nz credentials were not being exfiltrated.

MEGA Blog

Thus, attackers could get access to the popular cryptocurrency wallets MyEtherWallet and MyMonero. Users' funds on the decentralized IDEX exchange are under threat too.

Representatives of the file-sharing company stressed that the fake extension was replaced by a genuine one four hours after the substitution. An hour later, Google reacted and removed the extension from the Chrome store. Note that at the time of publication, the MEGA extension for Chrome is still not available in the official store.

Earlier it was reported that MyEtherWallet users who use the free VPN plugin Hola could become victims of a hacker attack.
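
The MEGA advisory quoted above says the trojaned update asked for elevated permissions that the genuine extension does not require. As an added example (not code from MEGA or from this article), the following JavaScript compares two versions of an extension's manifest.json and flags newly requested access to all sites; the sample manifests, version numbers and function names are constructed for illustration.

```javascript
// Added example: detect permission escalation between two extension versions.
// Match patterns that cover every host (these produce the
// "Read and change all your data on the websites you visit" warning).
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Constructed sample manifests (NOT MEGA's real manifest.json).
const OLD_SAMPLE = {
  manifest_version: 2, version: "1.0.0",
  permissions: ["storage", "https://files.example.com/*"],
};
const NEW_SAMPLE = {
  manifest_version: 2, version: "1.0.1",
  permissions: ["storage", "https://files.example.com/*", "webRequest", "<all_urls>"],
};

// Gather API permissions, host patterns and content-script matches.
// Manifest V2 mixes hosts into "permissions"; V3 uses "host_permissions".
function requestedAccess(manifest) {
  const out = new Set();
  for (const key of ["permissions", "host_permissions"]) {
    for (const p of manifest[key] || []) {
      if (typeof p === "string") out.add(p);
    }
  }
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) out.add(m);
  }
  return out;
}

// Report what the new version requests that the old one did not.
function diffPermissions(oldManifest, newManifest) {
  const before = requestedAccess(oldManifest);
  const after = requestedAccess(newManifest);
  const added = [...after].filter((p) => !before.has(p)).sort();
  const broad = added.filter((p) => BROAD_HOSTS.has(p));
  return {
    from: oldManifest.version,
    to: newManifest.version,
    added,                       // every newly requested permission or host
    broad,                       // the subset that covers all sites
    escalated: added.length > 0, // hold the update for review
    allSites: broad.length > 0,  // update gains access to every site
  };
}

console.log(diffPermissions(OLD_SAMPLE, NEW_SAMPLE));
```

Run against the manifests of the installed and the incoming version, a result with `allSites: true` is the signal to block the auto-update until someone has reviewed it.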