Official Mega Chrome Extension Steals Users Logins and Crypto Wallet Private Keys

If you are using Mega.nz Chrome extension then, immediately remove it and also change all your online account passwords.
An Italian developer and contributor to the Monero Project, who goes online with alias- SherHack, have found that MEGA.nz Chrome extension version 3.39.4, had a malicious code behavior.

SherHack points that the official chrome extension of file sharing site Mega.nz, steals usernames and passwords from various sites and also private keys for cryptocurrency accounts.

According to an analysis of the extension's source, the malicious code triggered on sites such as Amazon, Google, Microsoft, GitHub, the MyEtherWallet and MyMonero web wallet services, and the IDEX cryptocurrency trading platform.

The malicious code records all the necessary details for login i.e. Username and password or cookies etc.. Moreover it also grab private keys of cryptocurrency wallets, if users visit one of there Crypto wallet accounts.

All the collected data were send to a server located at megaopac[.]host, hosted in Ukraine.

At the mean time Google had removed the extension from Chrome store but if you like to get and check it then you can get from dropbox link.

At the same time, Firefox addon of the mega.nz is clear and no such behavior found. 

Mega and Google, both of them is yet to comment on this.