Fake Microsoft Authenticator Phishing Extension Finally Disappears From Chrome Web Store After One Month




The fake Microsoft Authenticator extension discovered yesterday, which was actually a phishing scam, has finally been removed from the Chrome Web Store. The problem is that it stayed in the store for almost a month before disappearing, something that unfortunately happens often.


Microsoft recently released an extension related to this tool for Chrome called Autofill, which is part of Microsoft Authenticator. But for the past few weeks, anyone who went to the Chrome Web Store and searched for "Microsoft Authenticator" got, as the first result, a fake extension that has nothing to do with Microsoft.














Of course, a user who did not read carefully could fall into the trap: it was a phishing scam that put data at risk. To recognize it, or others like it: the extension was offered not by Microsoft but by "extensions" (you should always check that whoever offers the extension is the real manufacturer). The extension also had some positive reviews that were probably fake and used to make it look genuine, as gHacks discovered.



Furthermore, a Microsoft spokesperson has said that "Microsoft has never had a Chrome extension named Microsoft Authenticator". It only has the aforementioned Autofill, which can synchronize passwords with the Microsoft account we use and offers automatic password completion on mobile devices. Therefore, "the company encourages users to report any suspicious extensions to the Chrome Web Store," said a Microsoft spokesman.



Almost 500 users before being removed








As Windows Central reports today, before being removed this fake extension had 448 users and a three-star rating. It first hit the Chrome Web Store on April 23, 2021, which means it was available for almost a month before being removed.



As you would expect from a fake extension, it cannot be used to authenticate Microsoft account logins, which is the goal of the real Authenticator. Once it is downloaded, a button appears. Anyone who clicked on it was taken to a Polish page that asked them to create an account.



Google's habit of asking third parties to fix problems that are not theirs








Google has a security team that imposes "deadlines" on other manufacturers to fix their bugs quickly, or else it reveals them without a patch "to teach a lesson." Microsoft and Google have already had a run-in over this in the past.



Let us remember that in 2014 the Mountain View company created Project Zero: a group of "elite hackers" that Google pays to improve Internet security. One of its functions from the beginning was to look for new bugs in any product that is widely used on the Internet.



A few months later, in early 2015, this team revealed a bug in Windows 8.1 days before the patch was released; a few days later it did the same with three zero-day bugs found in Apple's OS X. This attitude on the part of the search company has been causing resentment for some time among competitors, who hold conflicting opinions about it.



Chris Betz, who served as director of Microsoft's Security Response Center, even said that it seemed the only thing that interested the search company was exposing others rather than protecting users.



In 2017 it happened again: Google's Project Zero team exposed bad security practices at Microsoft, specifically a problem with the way Microsoft updates its systems. Before that, it had done the same with Windows Defender and with the Explorer and Edge browsers.



These fake extensions are common on the Chrome Web Store



It's been more than three years since we talked about a Google plan to make installing Chrome extensions more secure, but this malicious content continues to roam freely and lasts a long time before being removed. This is not an isolated case.



As a representative example: last year there were 32 million downloads of extensions that were victims of a spyware campaign, even though the Chrome Web Store started demanding more secure extensions a couple of years ago and announced measures to kick malicious or low-quality extensions out of the store.