Users of the Google Chrome web browser need to be wary of installing extensions from the Chrome Web Store for their browsers, as it has been reported that a false Chrome add-on claiming to be a “Microsoft Authenticator” is available. Hundreds of people have already downloaded the extension, believing it to be a legitimate add-on but are really exposing their information to cyber criminals.
To make matters worse, the extension uses both the name and branding of the legitimate Microsoft Authenticator app has managed to bypass Google’s security systems and even accrued a score of three out of five stars that makes it look even more legitimate.
Close inspection of the extension’s entry in the Chrome Web Store would, in an ideal world, have raised suspicions amongst potential downloaders: the add-on claimed to have been uploaded by “Extensions” rather than the “Microsoft Corporation” you would normally expect, and contact details pointed to a Gmail account, rather than Microsoft’s own domain.
A further look at the reviews of the extension would have also raised alarm, as some of them warned anyone considering downloading the extension of the danger, whereas other reviewers, presumably fake, were full of praise for it.
If users downloaded the extension, they are directed to a Polish webpage that redirects to a further webpage automatically asking for a sign-in or creation of an account.
The extension has since been removed from the Chrome Web Store by Google, but it is a new type of threat that web users should be aware of engaging with. It is thought the hundreds of people affected may have given up access to their corporate networks, if they indeed filled out the phishing page with their account information.
As users become more aware of multi-factor authentication (MFA) and its many, many benefits, it is important to remember to always double check any applications or extensions to your browser that you download. It could just be the case that they aren’t what they seem.