Fake Microsoft Authenticator “Extension” was discovered recently.
The malicious extension directed users to a Polish website that fooled them into creating an account in order to steal their personal information.
Browser extensions are common among users of the most commonly used browsers – Google Chrome, Mozilla Firefox, Microsoft Edge, Vivaldi, Opera – and provide a range of functions beyond the advertised features of a web browser.
Although you don’t see malicious browser extensions on these browsers every day, malware does occasionally find its way into their web/app stores.
According to Neowin, the official source of extensions for Google’s Chrome browser, the Chrome Web Store, had a fake “Microsoft Authenticator” extension for weeks before it was eventually removed.
According to the report, the extension’s developer name was “Extensions” rather than Microsoft, which obviously did not trigger Google’s safety measures.
Microsoft Authenticator, like Twilio’s Authy and Google Authenticator, is a multi-factor authentication tool that can be used on mobile devices to generate security codes after users enter their passwords when signing in to their favorite websites.
The service is compatible with both Android and Apple’s iOS operating systems, but unlike Authy, it does not have an official browser extension.
What’s more alarming is that gHacks discovered the malicious extension masquerading as the official Microsoft Authenticator app on the Chrome Web Store just last month.
Despite the fact that it was discovered on April 23, it seems that Google did not delete the download until hundreds of people had downloaded it.
You might also like: Microsoft Edge blocks Firefox installer: Report
According to the report, the extension directed users to a Polish website that persuaded them to create an account in order to harvest their personal information.
According to the Register, Microsoft has never launched an extension for its Authenticator application for Google Chrome or any other browser.
Users who want to use the Authenticator service can download the app from the respective app stores for their Android and iOS devices.