Malicious browser extensions often have fake positive reviews to garner trust from users, according to Brian Krebs. Krebs describes a phony Microsoft Authenticator extension in the Google Chrome Store that had five user reviews. Three were one-star reviews warning users that the extension was malware, while two were positive reviews praising the app’s convenience. Krebs also found that the developer of the app had made another phony app; that one had only positive reviews.

Krebs worked with Hao Nguyen, the developer of, to track the accounts behind the phony extensions and reviews.

“Like an ever-expanding Venn diagram, a review of the extensions commented on by each new fake reviewer found led to the discovery of even more phony reviewers and extensions,” Krebs writes. “In total, roughly 24 hours worth of digging through unearthed more than 100 positive reviews on a network of patently fraudulent extensions.”

Krebs and Nguyen identified 45 malicious browser extensions that had a collective total of nearly 100,000 downloads.

“The extensions spoofed a range of consumer brands, including Adobe, Amazon, Facebook, HBO, Microsoft, Roku, and Verizon,” Krebs writes. “Scouring the manifests for each of these other extensions in turn revealed that many of the same developers were tied to multiple apps being promoted by the same phony Google accounts. Some of the fake extensions have only a handful of downloads, but most have hundreds or thousands. A fake Microsoft Teams extension attracted 16,200 downloads in the roughly two months it was available from the Google store. A counterfeit version of CapCut, a professional video editing software suite, claimed nearly 24,000 downloads over a similar time period.”

Krebs notes that none of these apps request special permissions from users, and instead trick users into entering sensitive information voluntarily. New-school security awareness training can give your employees a healthy sense of skepticism so they can avoid falling for these scams.