A popular Google Chrome extension for file-sharing service MEGA has been compromised by a group of hackers who managed to steal users private keys, usernames, and passwords.
On September 4, a researcher named SerHack was the first one to send out an alert via Twitter mentioning the hacked extension. He noticed that the tool potentially harvested user credentials from various platforms, including Microsoft, Github, Google, Amazon, MyEtherWallet, MyMonero, IDEX.market, and Live.
The hacker uploaded the malicious version of the browser extension, i.e., version 3.39.4 in an effort to gain access to different websites. The passwords were then sent to a Ukraine-based server.
More information here.