Fake Microsoft Authenticator extension for Chrome

Gandalf_The_Grey · May 18, 2021

Software and extension stores that rely on automatic store submission reviews are more prone to fake and malicious extensions being offered. The latest addition to the growing number of Chrome Store extensions that fall into the category is called Microsoft Authenticator.

The name suggests that it is an official product by Microsoft, but it is not. One hint that something is off is that the company that is offering the extension is not Microsoft Corporation but "Extensions".

A look at the reviews includes several warnings from other users, but also some that praise it. The latter are likely fake and used to instill a level of trust in users who check the reviews before trying the extension.

A quick check of Microsoft's Authenticator homepage reveals that it is available as a mobile application, and as a Microsoft Store version, but not as a browser extension.

The Microsoft Authenticator application cannot be used to authenticate Microsoft account sign-ins or any other sign-in for the matter. It displays a basic page with the option to "run Microsoft Authenticator". A click on the button opens a Polish webpage that redirects to another webpage automatically asking for a sign-in or the creation of an account.

Gandalf_The_Grey · May 19, 2021

Google removes fake Microsoft Authenticator Chrome extension after a month in the store:

Although Google has now removed the extension, it's still a bit worrying that it remained in the store for almost a month and garnered hundreds of downloads. Google declined to comment on the failure of its validation process but in a statement to The Register, Microsoft emphasized that it has never released an extension for Microsoft Authenticator and encouraged users to report such issues to the Chrome Web Store team.

Google removes fake Microsoft Authenticator Chrome extension after a month in the store

A fake Microsoft Authenticator extension for Chrome remained in the store for a month before Google finally removed it today. It redirected users to a suspicious website hosted in Poland.

www.neowin.net

Some links from the article on The Register:

FYI: There are thousands of Chrome extensions with so, so many fake installations to trick you into using them

Fake crypto-wallet extensions appear in Chrome Web Store once again, siphoning off victims' passwords

Google's clever-clogs are focused on many things, but not this: The Chrome Web Store. Devs complain of rip-offs, scams, wait times

Chrome extensions are 'the new rootkit' say researchers linking surveillance campaign to Israeli registrar Galcomm

Another day, another Google cull: Chocolate Factory axes 49 malicious Chrome extensions from web store

Google burns down more than 500 private-data-stealing, ad-defrauding Chrome extensions installed by 1.7m netizens

Google's Chrome Web Store under fire for shoddy service and cryptic policies

Google halts paid-for Chrome extension updates amid fraud surge: Web Store in lockdown 'due to the scale of abuse'

The Microsoft Authenticator extension in the Chrome store wasn't actually made by Microsoft. Oops, Google

Guess they'll let anyone in here

www.theregister.com

Search

Fake Microsoft Authenticator extension for Chrome

Gandalf_The_Grey

Level 76

Gandalf_The_Grey

Level 76

Google removes fake Microsoft Authenticator Chrome extension after a month in the store

The Microsoft Authenticator extension in the Chrome store wasn't actually made by Microsoft. Oops, Google

Similar threads