Some of the data that informed this report. A counterfeit version of CapCut, a professional video editing software suite, claimed nearly 24,000 downloads over a similar time period. A fake Microsoft Teams extension attracted 16,200 downloads in the roughly two months it was available from the Google store. Some of the fake extensions have only a handful of downloads, but most have hundreds or thousands. Scouring the manifests for each of these other extensions in turn revealed that many of the same developers were tied to multiple apps being promoted by the same phony Google accounts. The extensions spoofed a range of consumer brands, including Adobe, Amazon, Facebook, HBO, Microsoft, Roku and Verizon. 25 developer accounts tied to multiple banned applications 45 malicious extensions that collectively had close to 100,000 downloads 39 reviewers who were happy with extensions that spoofed major brands and requested financial data Those reviews in turn lead to the relatively straightforward identification of: In total, roughly 24 hours worth of digging through unearthed more than 100 positive reviews on a network of patently fraudulent extensions. Like an ever-expanding venn diagram, a review of the extensions commented on by each new fake reviewer found led to the discovery of even more phony reviewers and extensions. This same pattern was observed across 45 now-defunct extensions. Reviews on the iArtbook extension were all from apparently fake Google accounts that each reviewed two other extensions, one of which was published by the same developer. Looking at the Google accounts that left positive reviews on both the now-defunct Microsoft Authenticator and iArtbook extensions, KrebsOnSecurity noticed that each left positive reviews on a handful of other extensions that have since been removed. For that I turned to Hao Nguyen, the developer behind, which indexes and makes searchable a broad array of attributes about extensions available from Google. Google’s Chrome Store doesn’t make it easy to search by reviewer. As with the knockoff Microsoft extension, all three reviews were positive, and all were authored by accounts with first and last names, like Megan Vance, Olivia Knox, and Alison Graham. Google’s Chrome Store said the email address tied to the account that published the knockoff Microsoft extension also was responsible for one called “ iArtbook Digital Painting.” Before it was removed from the Chrome Store, iArtbook had garnered just 22 users and three reviews. “Very convenient and handing,” assessed Anna Jones, incomprehensibly. “I’ve only had very occasional issues with it.” “It’s great!,” the Google account Theresa Duncan enthused, improbably. There were a total of five reviews on the extension before it was removed: Three Google users gave it one star, warning people to stay far away from it but two of the reviewers awarded it between three and four stars. Image: .Īfter hearing from a reader about a phony Microsoft Authenticator extension that appeared on the Google Chrome Store, KrebsOnSecurity began looking at the profile of the account that created it. Comments on the fake Microsoft Authenticator browser extension show the reviews for these applications are either positive or very negative - basically calling it out as a scam.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |