I hope you’re being cautious if you’re installing extensions from the Chrome Web Store for your browser and care about your online security.
Because it’s reported that a bogus Chrome add-on purporting to be “Microsoft Authenticator” successfully managed to sneak its way in, and duped hundreds of people into downloading it.
As GHacks reports, an extension using both the name and branding of the legitimate Microsoft Authenticator app was discovered the browser add-on marketplace and managed to accrue a three out of five star rating.
According to the report, the fake Microsoft Authenticator extension was made available on April 23 this year after failing to be spotted by Google’s security systems and has reached 448 users.
Close inspection of the extension’s entry in the Chrome Web Store would, in an ideal world, have raised suspicions amongst potential downloaders: the add-on claimed to have been uploaded by “Extensions” rather than the “Microsoft Corporation” you would normally expect, and contact details pointed to Gmail rather than Microsoft’s domain.
Glancing at reviews of the extensions should also have raised alarm, as some of them clearly warned potential users of the danger, whereas other reviews (presumably fake) were brimming with suspicious praise.
Finally, Microsoft’s own webpages about its Authenticator product make clear that it is not available as a browser extension, but as an Android and iOS smartphone app.
If you were unfortunate enough to add the fake extension to your Chrome browser, GHacks described how you would be disappointed by its functionality:
The Microsoft Authenticator application cannot be used to authenticate Microsoft account sign-ins or any other sign ..
Support the originator by clicking the read the rest link below.
