Google removes fake Microsoft authenticator from Chrome Web store
Extension stores that rely entirely on automated censorship are more susceptible to false and malicious extensions. Chrome Web Store falls into this category. Nowadays, there are more and more extensions in this store, but at the same time, it is also increasingly affected by false and malicious extensions. The newly added fake extension is called Microsoft Authenticator.
Judging from the name of this extension alone, it seems to indicate that it is an official product of Microsoft, but in fact, it is not. From the “offered by” below, the company providing the extension is not Microsoft, but “Extensions”. This name is also very misleading, which means that the extension is not officially produced by Microsoft.
Before being taken off the shelf, the extension was downloaded and used by 448 users in the store, and the overall evaluation was three stars. And this fake extension has been in the store since April 23, 2021.
If users are willing to spend some time checking further, they will find more problems. Among them, the developer’s email address looks like an address used to send spam, and the Gmail address is used instead of Microsoft’s official mailbox. And in the comments of the extension, there are warnings from other users.
A quick look at Microsoft’s official Authenticator homepage will reveal that the official Authenticator currently only has Android and iOS mobile apps, as well as the Windows version in the Microsoft Store. There is currently no browser extension.
This fake Microsoft authenticator cannot actually be used to verify the login of a Microsoft account or any other website. After clicking, it will only open a Polish webpage, which will redirect to another webpage that requires login or account creation, which may be used to steal user account information.
Although Google has removed the extension from the store, it has been on the store for nearly a month, making people worried about Google’s security in this regard.