Only users who received the malicious Hola VPN Chrome extension update and who navigated to the website yesterday, July 9, are in danger.īleeping Computer has reached out to the Hola and MEW teams for the precise interval during which the malicious extension was on the Chrome Web Store, and during which users were vulnerable to being redirected to the MEW phishing site. Urgent! If you have Hola chrome extension installed and used MEW within the last 24 hrs, please transfer your funds immediately to a brand new account!Ĭhrome extensions update in the background, as a new version is pushed out. The MEW team is advising users of this Chrome extension to move cryptocurrency funds to a new MEW account, just to be safe. The Hola team didn't say how the hacker gained access to its Chrome Web Store developer account, but Chrome extension developers have been under a barrage of phishing attacks since last year. The Hola VPN Chrome extension has now been restored to its clean version, which is yet again available via the Chrome Web Store. "We notified MEW, notified Google, and ensured that the hacker's web site was down," Hola developers said. Original Hola VPN Chrome extension restored "The attack was programmed to inject a JavaScript tag in to the MEW site to 'phish' information about MEW accounts that are logging in without being in 'incognito mode', by re-directing the MEW users to the hacker's website," the Hola VPN team said. The compromise took place yesterday and only lasted for five hours the MyEtherWallet (MEW) team said in a tweet. A hacker has breached a Hola VPN developer account and has replaced the official Chrome extension with one that redirected users of the website to a phishing page controlled by the attacker.
0 kommentar(er)
