News Hacker Breaches Hola VPN Chrome Extension to Go After...

Hacker Breaches Hola VPN Chrome Extension to Go After Cryptocurrency Wallet Site

-

- Advertisment -

A hacker has breached a Hola VPN developer account and has replaced the official Chrome extension with one that redirected users of the MyEtherWallet.com website to a phishing page controlled by the attacker.

The compromise took place yesterday and only lasted for five hours the MyEtherWallet (MEW) team said in a tweet. The Hola VPN team admitted to the hack.

“The attack was programmed to inject a JavaScript tag in to the MEW site to ‘phish’ information about MEW accounts that are logging in without being in ‘incognito mode’, by re-directing the MEW users to the hacker’s website,” the Hola VPN team said.

Original Hola VPN Chrome extension restored

“We notified MEW, notified Google, and ensured that the hacker’s web site was down,” Hola developers said.

The Hola VPN Chrome extension has now been restored to its clean version, which is yet again available via the Chrome Web Store.

The Hola team didn’t say how the hacker gained access to its Chrome Web Store developer account, but Chrome extension developers have been under a barrage of phishing attacks since last year.

Not that many MEW users affected

The MEW team is advising users of this Chrome extension to move cryptocurrency funds to a new MEW account, just to be safe.

Not all MEW users were affected.

Chrome extensions update in the background, as a new version is pushed out. Only users who received the malicious Hola VPN Chrome extension update and who navigated to the MyEtherWallet.com website yesterday, July 9, are in danger.

Bleeping Computer has reached out to the Hola and MEW teams for the precise interval during which the malicious extension was on the Chrome Web Store, and during which users were vulnerable to being redirected to the MEW phishing site. But, out of an abundance of caution, all users who used the Hola VPN extension yesterday should move funds to new MEW accounts.

All in all, this was a highly complex hack, but this is not the first time the MyEtherWallet service has faced such an incident. In April this year, someone hijacked one of Amazon’s most important BGP routes so it could hijack DNS entries for the MyEtherWallet website and, again, redirect users to a phishing site. Hackers made over $160,000 from that attack. For the time being, it is unclear if this second group of hackers managed to steal any funds from users wallets with their Chrome extension shenanigans.

Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

Network Security Using Cryptography: Everything you need to know

This article will describe what is Network Security Using Cryptography and everything you need to know before...

Mercuriex Cryptocurrency Exchange Launches New Utility Token, SURF

MercuriEx Cryptocurrency Exchange, originally developed in 2017, came under new ownership in December 2019. Since taking over the exchange,...

Fungibility: Bitcoin Mixers Favorite Term That No One Understands

Fungibility, perhaps the most important concept when dealing with a decentralized and anonymous currency, but does bitcoin...

Crypto can’t thrive in the real world – but stablecoins can

We can safely say that the hype about cryptocurrencies is pretty much over. The claims of Bitcoin...
- Advertisement -Hacker Breaches Hola VPN Chrome Extension to Go After Cryptocurrency Wallet Site

How to double your crypto

Most of us have a small gambler deep inside our souls. We love to feel the thrill...

Cryptocurrency Top Security Risk Concerns: What You Can Do to Protect Your Crypto

A report by CipherTrace revealed that in the first half of 2019, criminals and fraudsters stole more...

Must read

Mercuriex Cryptocurrency Exchange Launches New Utility Token, SURF

MercuriEx Cryptocurrency Exchange, originally developed in 2017, came...
- Advertisement -Hacker Breaches Hola VPN Chrome Extension to Go After Cryptocurrency Wallet SiteHacker Breaches Hola VPN Chrome Extension to Go After Cryptocurrency Wallet Site

You might also likeRELATED
Recommended to you