Malicious MEGA Chrome Extension Steals Passwords for popular websites like Amazon, Microsoft, Github, and Google, as well as private keys for users’ cryptocurrency wallets. An unknown attacker managed to hack into MEGA’s Google Chrome web store account and upload a malicious version 3.39.4 of an extension to the web store. The extension then sent all the stolen information back to an attacker’s server located at megaopac[.]host in Ukraine, which is then used by the attackers to log in to victims’ accounts.
Source: https://thehackernews.com/2018/09/mega-file-upload-chrome-extension.html