Using Fake Reviews to Find Dangerous Extensions

2021-05-29 16:14

Here's the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data.

Looking at the Google accounts that left positive reviews on both the now-defunct Microsoft Authenticator and iArtbook extensions, KrebsOnSecurity noticed that each left positive reviews on a handful of other extensions that have since been removed.

Like an ever-expanding venn diagram, a review of the extensions commented on by each new fake reviewer found led to the discovery of even more phony reviewers and extensions.

Unlike malicious browser extensions that can turn your PC into a botnet or harvest your cookies, none of the extensions examined here request any special permissions from users.

In some cases, the fake reviewers and phony extension developers used in this scheme share names, such as the case with "Brook ice," the Google account that positively reviewed the malicious Adobe and Microsoft Teams extensions.

Leaving aside these extensions which are outright fraudulent, so many legitimate extensions get abandoned or sold each year to shady marketers that it's wise to only trust extensions that are actively maintained.

News URL

https://krebsonsecurity.com/2021/05/using-fake-reviews-to-find-dangerous-extensions/