 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.813789 |
| Category: | Malware |
| Title: | Google Chrome MEGA Extension Trojan - Windows |
| Summary: | Checks for a trojaned Google Chrome MEGA extension.;; Note: This script is not running by default as it needs to crawl the target host for the affected; file which puts high load on the target during the scan. Please enable it separately within the; scripts preference. |
| Description: | Summary: Checks for a trojaned Google Chrome MEGA extension. Note: This script is not running by default as it needs to crawl the target host for the affected file which puts high load on the target during the scan. Please enable it separately within the scripts preference. Vulnerability Insight: The flaw exists as a trojaned version of MEGA extension was available in google-chrome webstore for installation and update. Vulnerability Impact: Upon installation or auto update to trojaned version, extension would exfiltrate credentials for sites including amazon.com, live.com, github.com, google.com (or webstore login), myetherwallet.com, mymonero.com, idex.market and HTTP POST requests to any other sites. Then it will send them to a server located in Ukraine. Affected Software/OS: MEGA extension version 3.39.4 for Google Chrome on Windows. Solution: Update the MEGA extension to version 3.39.5 or later. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Copyright | Copyright (C) 2018 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |