Chrome web store hosting fake LastPass plugin
There are many applications in the market that allow password management, this makes the user comply with corporate policies/procedures and reduce user interaction to change passwords for each application within a predefined period. Cyber criminals also focus on similar type of applications that are widely used to create fake programs for them shipped with malware like fake LastPass plugin.
Malwarebytes security researchers are warning of a new Chrome fake browser extension that claims to be for LastPass password manager. This fake LastPass plugin displays fake advertisements, redirect users to web-pages and installs rogue software tools.
By installing the plug-in there was no malicious code executed but instead victim will be redirected to appforchrome.com website. This page include some active links that by clicking any of them will create income for attacker and download install malicious tools.
At the moment google have removed the fake plugin from chrome web store so user will find only the original LastPass plugin. you can find the full analysis by malwarebyte over this link: https://blog.malwarebytes.org/cybercrime/2016/04/fake-lastpass-extension-exposes-users-to-ads-and-installs/