The Microsoft Authenticator extension in the Chrome store wasn't actually made by Microsoft. Oops, Google

Guess they'll let anyone in here

The trustworthiness of Google's Chrome Store was again called into question after an extension billing itself as Microsoft Authenticator was published by the software souk without the simplest of checks.

The legit Microsoft Authenticator generates one-time codes for multi-factor authentication, and lately gained password-manager-like features.

However, it’s only available as a smartphone app, and not as a Chrome extension. When someone submitted a dodgy Chrome add-on called Microsoft Authenticator to the browser's store, one would hope Google would have given it more than a cursory glance and checked that it was legit. Instead, the bogus extension was accepted into the store.

The add-on looked fairly convincing; it had Microsoft's logo, at least hundreds of downloads, and a three-star rating. Rather than declare its developer as Microsoft Corporation, though, the software simply said it was offered by "Extension," according to GHacks.

It would have been nice if Google had checks and systems in place to catch extensions that carry a company's name – in this case, Microsoft – when they weren't actually submitted by that company.

Further inspection using analysis tool CRXcavator revealed the add-on's code contained a suspicious URL that took the browser to a website hosted in Poland.

Indeed, it's said the extension tried to phish netizens by redirecting them to a fake login page and asking for account credentials. Some reported the application sucked up large amounts of CPU resources and perhaps mined cryptocurrencies in the background.

Google declined to comment on the record about how this add-on slipped through the net. The extension has now been pulled. Users who installed the Chrome add-on will receive a warning that the software has been disabled at Google's end.

"Microsoft has never had a Chrome extension for Microsoft Authenticator," the Windows giant told The Register. "The company encourages users to report any suspicious extensions to the Chrome Web Store."
