All users currently using the Mega Chrome file storage service are advised to uninstall it immediately. The extension was compromised, and in its place a malicious 3.39.4 version was installed allowing for users’ credentials in the likes of Amazon, Microsoft, Github, Google and even the private keys used to access Bitcoin wallets to be exposed. After the trojanized version of the extension was in place, all the information that they were able to access was transferred to a server in Ukraine, megaopac[.]host. Affected users are anyone who currently has the app installed, auto update enabled, and has accepted the extended permissions that the malicious version asked for. Although it is unclear at this time how many users were affected, it is believed to be in the tens of millions. After learning of the breach, Google took it off of its Chrome Web Store within four hours and a clean version 3.39.5 was released.
