Fake Microsoft Authenticator extension removed after weeks on the Chrome Web Store: Report | HT Tech

Fake Microsoft Authenticator extension removed after weeks on the Chrome Web Store: Report

According to a new report, the malicious extension sent users to a Polish website that tricked users into making an account – most likely to harvest their details.

By: HT TECH
| Updated on: May 19 2021, 21:46 IST
Microsoft Authenticator.
Microsoft Authenticator. (Microsoft)

Browser extensions offer a variety of functions beyond the advertised features of a web browser and are popular among users of the most widely used browsers – Google Chrome, Mozilla Firefox, Microsoft Edge, Vivaldi and Opera. While It's not every day that you see a malicious browser extension on one of these browsers, sometimes malware manages to make its way onto the browser's stores.

According to a report by Neowin, the Chrome Web Store, the official source of extensions for Google's Chrome browser harboured a fake ‘Microsoft Authenticator' extension for weeks before it was finally removed from the store. Ironically, the extension's developer name was called “Extensions” instead of Microsoft, which clearly did not trigger Google's security mechanisms, according to the report.

You may be interested in

LaptopsTablets
27% OFF
Microsoft Surface Studio A1Y 00022
  • Platinum Silver
  • 16 GB LPDDR4X RAM
  • 512 GB SSD
7% OFF
Microsoft Surface Pro 8 8PV 00029
  • Graphite Black
  • 16 GB DDR4 RAM
  • 256 GB SSD
47% OFF
Microsoft Surface 4 5UI 00049
  • Platinum Silver
  • 8 GB DDR4 RAM
  • 256 GB SSD
28% OFF
Microsoft Surface Pro 7 M1866 VDH 00013
  • Platinum
  • 4 GB LPDDR4X RAM
  • 128 GB SSD

Don't miss: Top five Google Chrome extensions to up your remote working skills

Not sure which
laptop to buy?

Just like Twilio's Authy service and Google Authenticator, Microsoft Authenticator acts as a multi-factor authentication service that can be used on mobile devices to generate security codes after a user enters their passwords while signing to their favourite sites. The service works on both Android devices as well as devices running Apple's iOS operating system – unlike Authy, it does not have any official browser extension.

The malicious Chrome extension's entry on the Chrome Web Store. 
The malicious Chrome extension's entry on the Chrome Web Store.  (gHacks)
image caption
The malicious Chrome extension's entry on the Chrome Web Store.  (gHacks)

What is especially disturbing is that last month, gHacks had identified the malicious extension masquerading as the official Microsoft Authenticator app on the Chrome Web Store. While it was reportedly found on April 23, it appears that Google did not remove the download until it had picked up hundreds of downloads. According to the report, the extension sent users to a Polish website that tricked users into making an account – most likely to harvest their details.

Read more: Microsoft Edge browser now in beta testing for Linux computers

Microsoft has never released an extension for its Authenticator service for Google Chrome or any other browser, the company told the Register. Users who want to use the Authenticator service should either download the app on their Android and iOS powered devices from the respective app stores.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 19 May, 21:46 IST
NEXT ARTICLE BEGINS