Fake Extensions to Steal Passwords on Chrome Are on the Rise

Passwords are the gateway to our digital life. Like the key to our house, they identify us on any website and separate our space or profile from everyone else's. The information on social media, and the opportunities to spoof identities, are invaluable to hackers, who are constantly looking for ways to compromise our security and steal our passwords. One of the techniques gaining the most popularity is the use of malicious extensions.

Google Chrome has its own password manager, a safe space within the browser in which to save the usernames and passwords of the websites where we register. These passwords are synchronized with our Google account, so we can access them from other Chrome browsers, for example on another device. However, Chrome’s password manager is not the only one out there.

There are other, much more complete and private alternatives (such as LastPass, KeePass, Edge, etc.) that allow us to keep the keys to our digital life much safer. But browsers do not support these third-party platforms out of the box. This is where extensions come into play.

Use password managers in Chrome thanks to extensions

The developers of the main password managers help us use their platforms in browsers such as Chrome through extensions. For example, if we are LastPass users, we can download the corresponding extension from the Chrome Store to access all the passwords we have stored there without leaving the browser. The same happens with Microsoft and Edge: although Edge has its own password manager, we can use the “Microsoft Authenticator” app to make use of those passwords directly from other operating systems, such as Android or iOS. We even have an official autofill extension for Google Chrome.

However, we must be very careful about what we download.

Beware of malicious extensions

Thanks to extensions, it is possible to depend much less on Google and its services. But it can be dangerous. Hackers are aware that users often resort to these types of extensions. And, of course, they don’t want to miss an opportunity.

It is easy to find fake applications in browser extension stores that try to pass themselves off as legitimate. One of the most recent, this week, was a fake Microsoft Authenticator extension. This extension perfectly mimicked the appearance of the Microsoft extension, including its listing in the store. It even had a 3-star rating out of 5. But when you download it, the problems begin. The extension is fake: it was not uploaded by “Microsoft Corporation” and it does not have a legitimate email. It is a fake extension designed to steal passwords.

Microsoft does not have an official Authenticator app on the Chrome Store. We can download this app from the Microsoft Store, or from mobile stores, but not in the browser. The extension we are looking for to use passwords in the browser is “Microsoft Autofill”. This extension has been uploaded by “Microsoft Corporation”.

We should always make sure that the extension has been uploaded by the correct company, and that the contact email belongs to that company and is not a generic address. We should also always pay attention to users’ ratings and comments, especially when downloading extensions that handle data as sensitive as this.
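
The publisher and contact-email checks described above can be automated when reviewing extensions for an allowlist. The following is an added example, not code from the article or from any store API: the listing fields, the `microsoft.com` email domain, the free-mail list and the sample listings are assumptions constructed for illustration.

```python
import unicodedata

# Constructed reference data. The publisher and extension name come from the
# article; the email domain and the free-mail list are assumptions.
OFFICIAL = {
    "microsoft": {
        "publisher": "Microsoft Corporation",
        "email_domain": "microsoft.com",
        "extensions": {"Microsoft Autofill"},
    },
}
GENERIC_MAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}


def _fold(text):
    """NFKC + casefold, so a brand is detected even in stylised spellings."""
    return unicodedata.normalize("NFKC", text or "").casefold().strip()


def vet_listing(listing):
    """Return red flags for one store listing (dict: name, publisher, email)."""
    flags = []
    name = _fold(listing.get("name"))
    publisher = (listing.get("publisher") or "").strip()  # compared exactly
    domain = (listing.get("email") or "").strip().lower().rpartition("@")[2]
    if domain in GENERIC_MAIL:
        flags.append("generic-email")
    for brand, ref in OFFICIAL.items():
        if brand not in name:
            continue  # listing does not claim this brand
        if publisher != ref["publisher"]:
            flags.append("publisher-mismatch")
        if domain != ref["email_domain"] and not domain.endswith("." + ref["email_domain"]):
            flags.append("email-domain-mismatch")
        if name not in {_fold(e) for e in ref["extensions"]}:
            flags.append("not-a-known-official-extension")
    return flags


# Constructed sample listings (not real store data).
FAKE = {"name": "Microsoft Authenticator", "publisher": "Extensions", "email": "dev.example@gmail.com"}
REAL = {"name": "Microsoft Autofill", "publisher": "Microsoft Corporation", "email": "support@microsoft.com"}

if __name__ == "__main__":
    for item in (FAKE, REAL):
        print(item["name"], "->", vet_listing(item) or "no red flags")
```

The publisher string is compared exactly on purpose, so a look-alike spelling of the company name is reported as a mismatch rather than normalised into a match.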