Cybercriminals managed to publish a bogus Chrome extension pretending to be “Microsoft Authenticator” on Chrome Store and trick hundreds of people into downloading it.
The extension used the name and branding of the legitimate Microsoft Authenticator app and had a three-star rating.
According to the report by GHacks, a malicious developer uploaded the fake Microsoft Authenticator extension on April 23. The extension’s author fooled Google’s security systems and managed to acquire 448 users.
The author of the add-on appears as “Extensions” rather than the “Microsoft Corporation,” as it would normally be. And contact email from Gmail rather than Microsoft’s domain should have raised suspicions in a careful user.
Reviews of the extension are no better picture: some of them warn potential users that the extension is fake, whereas, on the other end of the spectrum, reviews (presumably fake) were suspiciously full of praise.
According to Microsoft’s webpage, its Authenticator app is not available as a browser extension, only as an app for Android and iOS smartphones.
GHacks tried using the extension and said anyone who added it to Chrome would be disappointed by its functionality:
“The Microsoft Authenticator application cannot be used to authenticate Microsoft account sign-ins or any other sign-in for the matter. It displays a basic page with the option to “run Microsoft Authenticator”. A click on the button opens a Polish webpage that redirects to another webpage automatically asking for a sign-in or the creation of an account.”
Clearly, the extension was used for phishing purposes.
The fake extension has since been removed from the Chrome Web Store by Google. It is unknown how many of those 400+ users have unwittingly given their personal information to the criminal.
In similar news, previously, we reported how malicious extensions can abuse Chrome Sync by bad actors to harvest information from compromised machines.