Fake LastPass App Targets iPhone Users – Beware!

Amidst Apple’s positioning of its App Store as a bastion of security and reliability, the company encountered a formidable threat to its reputation: a fraudulent application, masquerading as LastPass, found its way into the official catalog.

Despite assurances of security, the app verification process failed to prevent this counterfeit from infiltrating the App Store. The app, dubbed LassPass and bearing a strikingly similar logo to the official one, was expunged by Apple two days following direct communication from LastPass representatives.

Mike Kosak, a senior analyst at LastPass, issued a caution to users via the service’s official blog, attaching screenshots and links to both the fraudulent and legitimate applications.

Remarkably, another potentially harmful app from the same developer, Parvati Patel, remained unremoved by the company, despite clear violations of store policies by uploading a blatant forgery.

The spurious LastPass app solicited personal information from users, including passwords and bank card details, and offered paid subscriptions. Yet, whether the app harvested LastPass account data or copied stored information was not determined.

Thomas Reed from Malwarebytes observed that the privacy policy page of the forgery was inaccessible, and the domain listed for this page had been registered merely five months prior. This underscores the importance of diligently vetting applications before downloading.

The incident with the counterfeit LastPass app raises significant concerns regarding the App Store’s review processes and security policies, as well as the measures Apple undertakes to shield its users from fraudulent applications.