A fake version of the Hola VPN was uploaded to the Google Play Store on July 9 which compromised MyEtherWallet (MEW) for those who downloaded it. MEW user activity and passwords were exposed to the hacker for users who downloaded the app within the five hours it was live as they were directed to a fake website.
Hola VPN Hacked Exposing User Activity
Hola VPN’s Google Chrome Store account was compromised, which allowed a hacker to upload a modified version of the Chrome extension. The fake extension was programmed to ‘phish’ information about MEW accounts by re-directing the MEW users to the hacker’s website.
Hola said, in a blog post: “Immediately upon learning about the incident, we set up a CyberSecurity response team to investigate the incident. We also took immediate emergency steps to immediately replace the extension, secure the developer’s account, and to monitor versions on a constant basis to ensure this does not recur.”
Urgent! If you have Hola chrome extension installed and used MEW within the last 24 hrs, please transfer your funds immediately to a brand new account!
— MyEtherWallet.com (@myetherwallet) July 10, 2018
“We are now determining the scope of the compromise, and conducting an assessment on steps that can be taken to help prevent such an incident from occurring in the future. We will share the findings from this analysis with the ecosystem to help ensure a safer Internet environment.”
Users may have been affected if they had the extension installed while the fake extension was on the app store and logged into MEW without being in incognito mode. Hola advised users to change passwords and only log into wallets in incognito mode where “code injection is not possible.”
MyEtherWallet tweeted: “Urgent! If you have Hola chrome extension installed and used MEW within the last 24 hrs, please transfer your funds immediately to a brand new account! We received a report that suggests Hola chrome extension was hacked for approximately 5 hrs and the attack was logging your activity on MEW.”
MEW told TechCrunch that the attack appears to be from a Russian-based IP address. MEW said that they do not store users’ personal data, including passwords, which means that hackers did not get hold of such information unless they interacted with the fake Hola extension on July 9.
Fake MEW Apps Claim 8,000 ETH
There are a high number of fake MEW websites which have scammed users for amounts up to 515 ETH according to a database by CryptoPolice. In total, these websites have scammed over 8,000 ETH from unsuspecting users. CryptoPolice encouraged all users to “be extra cautious and always check the domain names.”
Users have also been warned of downloading fake apps that make themselves look like the official app. Malware Researcher Lukas Stefanko reported a fake MEW app on Google Play Store on July 9. He said that the app “leaks user database with private keys.” He also said, on Twitter, that there are 15 apps with more than 400,000 combined downloads which can download additional content and display and click on invisible ads.
Featured image from Shutterstock.