Fake LastPass Chrome Extension Found on the Google Web Store
Security Update : Security researchers from Malwarebytes have spotted a malicious Chrome extension posing as the real LastPass add-on and later helped Google remove it from their store.
The extension was named “LastPass: Free Password Manager” and it used all the logos and images of the real LastPass app to fool users into installing it in their browsers.
Once this happened, the extension would request permission to show notifications, and would add a button to the user’s app screen.
“Once done, we clicked the icon on Chrome’s app page expecting it to execute malicious code, but instead it redirected us to a page on the website: appforchrome[DOT]com,” said Jovi Umawing, security researcher at Malwarebytes.
Curiously, the LastApp did not steal passwords or changed browser settings, but only redirected users to ad-infested Web page… (read more)