What you need to know
- A fake Microsoft Authenticator extension appeared in the Chrome Web Store.
- The extension was available for almost a month before it was taken down.
- The fake extension prompted people to fill out information on a Polish webpage.
Microsoft Authenticator is a great tool to improve the security of your accounts with two-factor authentication. Unfortunately, scammers tried to utilize the good name of Microsoft Authenticator to trick people into sharing personal information. Recently, a fake Microsoft Authenticator listing was spotted in the Chrome Web Store by gHacks. It has since been taken down, but managed to remain in the Chrome Web Store for almost a month before its removal.
The fake listing was not from Microsoft. Instead, it said it was offered by "Extensions," which is a clear red flag that it is not genuine. The extension also had some positive reviews that were likely fake and used to make the extension look genuine.
As you would expect from a fake extension, it cannot actually be used to authenticate Microsoft account sign-ins. Instead, it has a button that redirects you to a Polish page asking for you to create an account.
The fake Microsoft Authenticator extension had 448 users and a three-star rating before its removal, as highlighted by gHacks. It first arrived in the Chrome Web Store on April 23, 2021, which means it was up for almost a month before being removed.
A Microsoft spokesperson confirmed to The Register that "Microsoft has never had a Chrome extension for Microsoft Authenticator." Adding that "The company encourages users to report any suspicious extensions to the Chrome Web Store."
Google has not replied to requests regarding how the fake listing managed to appear in the store and to not be removed for nearly a month.
Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at firstname.lastname@example.org (opens in new tab).
Must not be much monetization for Google in the Chrome Web Store so it doesn't get the (clearly already developed and implemented) protections and attention the Play Store does.
This is also why I am glad that Microsoft Edge has natively integrated tab suspension into their browser when this was also done by a third-party extension. Most people are unaware of how much personal information these extensions have access to. If I were to share my data, I'd rather do it with a reputable firm like Microsoft.
Get the best of Windows Central in in your inbox, every day!
Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.