A fake LastPass app has made its way onto the Apple App Store, a likely attempt to steal users’ sensitive information.
LastPass is a widely-used password manager that is available on a variety of platforms, including iOS. As a password manager, the app is popular target for hackers and bad actors, as evidenced by the breach the company experienced in 2022.
The company’s latest issue is a fraudulent app that tries to pass itself off as the official LastPass app on the App Store. Mike Kosak, LastPass Senior Principal Intelligence Analyst, detailed the issue:
LastPass would like to alert our customers to a fraudulent app attempting to impersonate our LastPass app on the Apple App Store. The app in question is called “LassPass Password Manager” and lists Parvati Patel as the developer. The app attempts to copy our branding and user interface, though close examination of the posted screenshots reveal misspellings and other indicators the app is fraudulent.
Interestingly, the app was still available when BleepingComputer reported on the news a day after LastPass first revealed the problem, although it has since been taken down.
The issue is a particularly bad look for Apple at a time when the company is facing increased criticism and regulatory action aimed at forcing it to open its iOS ecosystem to third-party app stores. Apple has repeatedly pushed back with the argument that its walled-garden approach provides increased security for its users.
Unfortunately, the fact that a fake LastPass app made it onto the App Store at all, let alone took at least a day to be removed, undermines Apple’s argument.