HomeWinBuzzer NewsFake Microsoft Authenticator Extension on Chrome Sparks Fake Review Investigation

Fake Microsoft Authenticator Extension on Chrome Sparks Fake Review Investigation

Security researcher KrebsOnSecurity followed a trail from a fake Microsoft Authenticator extension to a network of malicious extensions and fake reviews.


When shopping for something online or simply deciding on a service or product, many consumers head online to read reviews. One problem is it is very easy to put fake reviews. Vendors may put fake positive reviews and rivals may add fake negative reviews. It is a part of the online world, but it leaves a lot of confused customers.

Security researcher KrebsOnSecurity discovered web extensions that were using Authenticator to leverage fake reviews to gain personal and financial information from users.

KrebsOnSecurity was informed by a reader that there was a fake Microsoft Authenticator web extension on the Chrome Store. The researcher investigated the profile behind the extension and found five user reviews. Three of those reviews were warning users to stay away, while the other two were three and four-star reviews.

One by a so-called Theresa Duncan could not contain its delight, stating about the extensions “It's great!… I've only had very occasional issues with it.”

The other from Anna Jones the tool have “Very convenient and handing”, whatever that means.

confirmed that the email address associated to the account that published the fake Microsoft Authenticator also handles an extension called “iArtbook Digital Painting.”

The iArtbook extension was also removed, but before had claimed three reviews from only 22 installs. All these reviews were positive.

Multiple Fake Extensions

Investigating the accounts of the people who left these positive reviews, Krebs found similar reviews across other iffy web extensions. More fake extensions and more fake reviews. Over a 24-hour investigation, the researcher found over 100 false positive reviews across a group of fraudulent web extensions.

39 reviewers left positive feedback on extensions that were clearly ripping off major brands and asked for financial data. 25 developer accounts were associated with many banned apps. And 45 malicious extensions with an overall download base of around 100,000.

Major brands aside from Microsoft were subject to fake extensions, including Amazon, Verizon, HBO, and Facebook.

Krebs reached out to Google, but the company did not respond. However, it has removed all the fraudulent extensions from Chrome.

Tip of the day: When runs into serious problems, it's not rare to run into startup problems. Corrupted Windows files, incorrect system configuration, driver failure, or registry tweaks can all cause this issue.

Using Windows 10 startup repair can fix boot issues caused by the most prevalent issues. Though it may seem that all is lost when you run into startup problems, it's important to try a Windows 10 boot repair so you can at least narrow down the source of the issue. If it doesn't work, you may have to reinstall the OS or test your hardware.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News