Extensions for your browser are cool.
Such cool gadgets are in reality programs that run autonomously.
So if you have tons of not updated extensions, you risk getting hacked.
MEGA is a cloud storage service with a focus on Privacy. They have all sort of apps, and of course, handy Chrome extensions.
A Hacker managed to hack into MEGA's Google Chrome web store account and upload a malicious version. Upon installation or auto-update, the malicious extension asked for elevated permissions to access personal information, allowing it to steal login/register credentials from ANY websites like Amazon, Github, and Google, along with online wallets such as MyEtherWallet and MyMonero, and Idex.market cryptocurrency trading platform.
The Hacker received all this info on his website megaopac[.]host and cashed in all stolen cryptocurrencies.
Remember always make sure that you need an extension, and if it is asking for more information than usual, be suspicious!
You can read the details of how this was discovered here.
great cath /u/gattacus and @serhack_
Photo by Kari Shea on Unsplash.
The rest we beautified 
.
[zombify_post]
piotrsec.wordpress.com 