The developer of LastPass, a well-known password management app, has warned that the Apple App Store is hosting a fake LastPass app, most likely a phishing app used to steal user credentials. The fake app uses a name, icons, and a red-themed interface similar to those of the genuine app, and closely resembles the brand's genuine design.
However, the fake app is named "lasspass" rather than "lastpass", and it was published by "parvati patel".
The fake app has only one review, along with four reviews warning that it is fake, whereas the genuine LastPass app has more than 52,000 reviews.
Since LastPass is used to store very sensitive information like authentication secrets and credentials (usernames, emails, and passwords), it is likely that the application was created to act as a phishing application and steal credentials.
Squid hasn't tested this app, so we're not familiar with its inner workings, potential phishing processes, or any other details about its functionality.
The real LastPass alerts customers to the risk of data loss by issuing a warning on its.
LastPass's warning reads: "We've attached the URL of the fraudulent app along with a link to our legitimate app so customers can confirm that they're using the correct LastPass app until the fraudulent app is taken down. Rest assured, LastPass is actively working to take down this app as soon as possible and will continue to monitor for fraudulent clones of our apps or infringement of our intellectual property rights."
Because Apple's rigorous app review process is meant to ensure that software in the App Store meets high standards of privacy, security, and content, it is very rare for such a clearly fraudulent app to appear in the Apple App Store.
This process includes automated checks and manual reviews by Apple's team to ensure that developers adhere to a detailed set of guidelines. Yet, somehow, this LastPass clone was accepted.
Additionally, when Apple discovers that an app violates its guidelines, it usually takes swift action to remove it from the App Store and ban the developer. However, at the time of writing, the counterfeit LastPass app is still available in the Apple App Store.
The same developer has another seemingly legitimate app on the App Store, so the possibility of their account being hijacked by malicious actors cannot be ruled out.
If you have installed the fake LastPass app, you should remove it immediately and create a new app in LastPass.com. Then, to be on the safe side, it is recommended that you reset all passwords stored in the LastPass vault.