A fake version of the LastPass password manager has been discovered in the Apple App Store.

LastPass has warned that a counterfeit copy of its password manager has appeared in the Apple App Store. This application is a phishing application designed to steal user credentials.

The fake app uses a similar name to the original, as well as a similar icon and red interface to create the impression of authenticity. However, its name “LassPass” is different from the original “LastPass” and the publisher is named Parvati Patel. In addition, the fake app has only one rating (while the genuine app has over 52,000) and only four reviews warning that it is fake.

It is worth noting that this fake app developer has another legitimate app in the App Store, which raises the possibility of his account being hacked by attackers.

Given that LastPass is used to store sensitive information such as authentication credentials and passwords, the fake app was likely created to steal this information.

Specialists from the information security company Malwarebytes note that the page of the LassPass application in the App Store previously indicated that the privacy policy was available on the website bluneel[.]com, but this page was deleted. According to Whois data, the domain was registered just five months ago.

There is no evidence yet that the LassPass app stole LastPass users’ credentials or copied their stored data. However, the app provided users with fields to enter a variety of sensitive data, including passwords, email, and physical addresses, as well as bank, credit, and debit card information.

The LastPass developers have added a warning that includes the URL of the fraudulent app as well as a link to the legitimate app so that users can ensure they are downloading the correct LastPass app until the fraudulent app is removed. The message reads: “Rest assured that LastPass is actively working to get this app removed as soon as possible and will continue to monitor for fraudulent clones of our apps and/or attacks on our intellectual property.”

The fake LastPass app has now been removed from the App Store. However, Apple left this developer’s second application in the store without providing official comments about the reasons for this decision.

Fake apps appearing on the Apple App Store is a rare occurrence, as Apple’s typically rigorous app review process ensures they meet all privacy and security standards. This process includes automated reviews as well as manual reviews by Apple experts. However, the fake LastPass app somehow managed to sneak into the official Apple store.

0 / 5

Your page rank:

Subscribe: YouTube page opens in new windowLinkedin page opens in new windowTelegram page opens in new window

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment