Scammers to Replace MEGA Extension to Steal Crypto

MEGA is a popular file exchange service; scammers were able to replace its official Google Chrom extension
05 September 2018   753

The popular file-sharing service MEGA reported a hacker attack. Attackers managed to replace the official Chromme extension of the service and to collect data on users' crypto-currency wallets.

On 4 September 2018 at 14:30 UTC, an unknown attacker uploaded a trojaned version of MEGA's Chrome extension, version 3.39.4, to the Google Chrome webstore. Upon installation or autoupdate, it would ask for elevated permissions (Read and change all your data on the websites you visit) that MEGA's real extension does not require and would (if permissions were granted) exfiltrate credentials for sites including amazon.com, live.com, github.com, google.com (for webstore login), myetherwallet.com, mymonero.com, idex.market and HTTP POST requests to other sites, to a server located in Ukraine. Note that mega.nz credentials were not being exfiltrated.

MEGA Blog

Thus, attackers could get access to the popular cryptocurrency wallets MyEtherWallet and MyMonero. Also, users' funds on the decentralized IDEX exchange are under the thread too.

Representatives of the file sharing company stressed that the fake extension was replaced by a genuine one four hours after the substitution. And an hour later, Google reacted and removed the extension from the Chrome store. Note that at the time of publication, the MEGA extension for Chrome in the official store is still not available.

Earlier it was reported that users of MyEtherWallet, using the free VPN-plugin Hola, could become victims of a hacker attack.

Ethereum VM May Have Vulnerability

The vulnerability is reported by NettaLab Twitter account
12 November 2018   147

On November 9, a statement appeared in Netta Lab’s Twitter account that the organization discovered a vulnerability in the Ethereum virtual machine that allows to execute smart contracts endlessly without paying for gas online. The researchers also allegedly turned to the operator of the American database of vulnerabilities, where they registered the corresponding discovery.

Netta Labs discovered an Ethereum EVM vulnerability, which could be exploited by hackers. The vulnerability can cause smart contracts can be executed indefinitely without gas being paied.
 

Netta Lab's Twitter

At Netta Lab's request, Google demonstrates the site of the netto.io project, which specializes in auditing smart contracts under the Netta Lab brand, but the Twitter accounts of the projects do not match. Note that the profile that reported the vulnerability was registered in November.

Many users expressed doubts about the authenticity of the information that appeared, but then the creator of the NEO project Da Hongwei said that he spoke with the CEO of Netta Labs and asked the researchers to audit the NEO virtual machine.

Nevertheless, Vitalik Buterin wrote on Reddit that this is a vulnerability in the Python-implementation of the virtual machine, which was first reported on GitHub 9 days ago. This means that the main clients (go-ethereum; parity and cpp-ethereum) are not affected.