In the latest developments, a fake Microsoft Authenticator extension was found to be masquerading on the Chrome Web Store for almost a month.
What is Microsoft Authenticator?
To the unaware, Microsoft Authenticator is a tool that facilitates the enhanced security of user accounts alongside two-factor authentication.
It can be used on mobile devices to generate security codes after a user enters their passwords while signing to their favorite sites. The service works on both Android devices as well as devices running Apple’s iOS operating system.
Malicious Fake Authenticator Extension:
A peculiar characteristic of the fake extension was attributed to its fake listing. It was found that the listing was not from Microsoft rather, was offered by “Extensions”, thereby portraying a clear red flag bearer.
The fake Authenticator extension also boasted of some positive reviews which can be easily orchestrated via dummy users to give the extension an appearance of genuine extension.
In a typical scenario, the genuine Microsoft authenticator would redirect users to the Microsoft account login webpage.
However, the fake Authenticator would redirect victims to a Polish page, prompting them to create an account. This is yet another case of red flags that users should look out for.
The fake Authenticator appeared on the Chrome browser on April 23, 2021. As was provided, the fake Microsoft Authenticator portrayed a total of 448 users and a three-star rating prior to its eradication from the platform.
Microsoft addresses, Google doesn’t:
Subsequently, a Microsoft representative confirmed the presence of the fake Authenticator.
“Microsoft has never had a Chrome extension for Microsoft Authenticator.” Adding that “The company encourages users to report any suspicious extensions to the Chrome Web Store.”
Google, however, is yet to reply on the new developments in the form of the Fake Authenticator, since details regarding how the fake listing made an appearance on the Chrome Web Store or why did it take nearly a month to be detected and removed from the platform are yet to be cleared.