skip to Main Content

At The Identity Organisation, we're here to help!

Slide Get in Touch With Us We work closely with our clients to understand their goals and then help them develop their plans in accordance with their core requirements. Our success is our clients success. Get in touch with us to uncover and deliver on opportunities that build lasting value. How to find us The Identity Organisation Ltd
Mercury House
19-21 Chapel Street, Marlow,
Bucks, SL7 2HN
Contact Details +44 (0) 1628 308038
info@tidorg.com

Alternatively, fill in our contact form below and one of our consultants will be in touch.

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Fake Positive Reviews Mask Spoofed Browser Extensions

    fake-browser-extension-reviews

    Malicious browser extensions often have fake positive reviews to garner trust from users, according to Brian Krebs. Krebs describes a phony Microsoft Authenticator extension in the Google Chrome Store that had five user reviews. Three were one-star reviews warning users that the extension was malware, while two were positive reviews praising the app’s convenience. Krebs also found that the developer of the app had made another phony app; that one had only positive reviews.

    Krebs worked with Hao Nguyen, the developer of chrome-stats.com, to track the accounts behind the phony extensions and reviews.

    “Like an ever-expanding Venn diagram, a review of the extensions commented on by each new fake reviewer found led to the discovery of even more phony reviewers and extensions,” Krebs writes. “In total, roughly 24 hours worth of digging through chrome-stats.com unearthed more than 100 positive reviews on a network of patently fraudulent extensions.”

    Krebs and Nguyen identified 45 malicious browser extensions that had a collective total of nearly 100,000 downloads.

    “The extensions spoofed a range of consumer brands, including Adobe, Amazon, Facebook, HBO, Microsoft, Roku, and Verizon,” Krebs writes. “Scouring the manifests for each of these other extensions in turn revealed that many of the same developers were tied to multiple apps being promoted by the same phony Google accounts. Some of the fake extensions have only a handful of downloads, but most have hundreds or thousands. A fake Microsoft Teams extension attracted 16,200 downloads in the roughly two months it was available from the Google store. A counterfeit version of CapCut, a professional video editing software suite, claimed nearly 24,000 downloads over a similar time period.”

    Krebs notes that none of these apps request special permissions from users, and instead trick users into entering sensitive information voluntarily. New-school security awareness training can give your employees a healthy sense of skepticism so they can avoid falling for these scams.


    Request A Demo: Security Awareness Training

    products-KB4SAT6-2-1

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    close

    Sign Up to the TIO Intel Alerts!

    Back To Top