
Fake Microsoft Authenticator extension removed after weeks on the Chrome Web Store: Report

Microsoft Authenticator. (Microsoft)

According to a new report, the malicious extension sent users to a Polish website that tricked users into making an account – most likely to harvest their details.

Browser extensions offer a variety of functions beyond the advertised features of a web browser and are popular among users of the most widely used browsers – Google Chrome, Mozilla Firefox, Microsoft Edge, Vivaldi and Opera. While it’s not every day that you see a malicious browser extension on one of these browsers, sometimes malware manages to make its way onto the browsers’ stores.

According to a report by Neowin, the Chrome Web Store, the official source of extensions for Google’s Chrome browser, harboured a fake ‘Microsoft Authenticator’ extension for weeks before it was finally removed from the store. Ironically, the extension’s developer was listed as “Extensions” instead of Microsoft, which clearly did not trigger Google’s security mechanisms, according to the report.


Just like Twilio’s Authy service and Google Authenticator, Microsoft Authenticator acts as a multi-factor authentication service that can be used on mobile devices to generate security codes after a user enters their passwords while signing in to their favourite sites. The service works on both Android devices and devices running Apple’s iOS operating system. Unlike Authy, it does not have any official browser extension.

The malicious Chrome extension's entry on the Chrome Web Store.  (gHacks)

What is especially disturbing is that last month, gHacks had identified the malicious extension masquerading as the official Microsoft Authenticator app on the Chrome Web Store. While it was reportedly found on April 23, it appears that Google did not remove the extension until it had picked up hundreds of downloads. According to the report, the extension sent users to a Polish website that tricked them into making an account – most likely to harvest their details.


Microsoft has never released an extension for its Authenticator service for Google Chrome or any other browser, the company told the Register. Users who want to use the Authenticator service should download the app on their Android and iOS powered devices from the respective app stores.
