The MEGA Chrome extension version 3.39.4 has been compromised and can now steal user’s Monero (XMR) in addition to other sensitive information, according to recent posts on Twitter and Reddit.
MEGA Chrome extension is a tool that claims to improve browser performance by reducing page loading times, in addition to providing a secure cloud storage service.
Monero’s (XMR) official Twitter account posted a warning, advising XMR holders not to use MEGA.
Another user tweeted that the extension can also steal usernames and passwords from Amazon, GitHub, Google, Microsoft portals.
Redditor u/gattacus posted on Monero’s official Reddit page that they became suspicious of foul play following a request for new permission following an extension update:
At press time, the MEGA Chrome extension version 3.39.4 is unavailable for download on the Chrome Webstore.