A fake version of the password management app 'LastPass' is discovered on the App Store, and it is highly likely to be a fraudulent app created to steal passwords


by Focal Foto

A fake app masquerading as the password management app "LastPass Password Manager" was found being distributed on the App Store. The app in question has since been removed, but it's unclear whether it was removed by Apple or by its creator.

Warning: Fraudulent App Impersonating LastPass Currently Available in Apple App Store - The LastPass Blog
https://blog.lastpass.com/2024/02/warning-fraudulent-app-impersonating-lastpass-currently-available-in-apple-app-store/

Fake LastPass password manager spotted on Apple's App Store
https://www.bleepingcomputer.com/news/security/fake-lastpass-password-manager-spotted-on-apples-app-store/

A fake app masquerading as password manager LastPass just got pulled from the App Store | TechCrunch
https://techcrunch.com/2024/02/08/a-fake-app-masquerading-as-password-manager-lastpass-just-got-pulled-from-the-app-store/

The fake app discovered this time, "LassPass Password Manager", uses an app name and icon that are very similar to the real thing, and its design is based on a red color similar to that of the genuine app.



While the real app's developer name is LogMeIn, Inc., the fake app is registered under the personal name Parvati Patel. Additionally, the real app had approximately 52,000 ratings at the time of writing, while the fake app had only one rating. Four reviews had also been posted warning that it was a fake.
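The differences listed above (a near-identical name, a different developer, and a tiny rating count) can be checked mechanically. The following is an added example, not code from LastPass, Apple, or the original article; the record field names, the thresholds, and the "Notes Vault" / "Example Dev" entry are assumptions, and the sample listings are constructed from the figures quoted in the article.

```python
import re

def normalize(name):
    """Lowercase and strip everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def edit_distance(a, b):
    """Levenshtein distance using the two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def assess(listing, genuine, max_distance=2, min_ratings_ratio=0.01):
    """Return the reasons a listing looks like an impersonation of `genuine`."""
    same_dev = (listing["developer"].strip().lower()
                == genuine["developer"].strip().lower())
    if same_dev:
        return []  # published by the expected developer
    dist = edit_distance(normalize(listing["name"]), normalize(genuine["name"]))
    if dist > max_distance:
        return []  # name is not a lookalike
    reasons = [
        f"name within {dist} edit(s) of the genuine app",
        f"developer is {listing['developer']!r}, expected {genuine['developer']!r}",
    ]
    if listing["ratings"] < genuine["ratings"] * min_ratings_ratio:
        reasons.append("rating count far below the genuine app")
    return reasons

# Constructed sample data; field names are assumptions, not a store API.
GENUINE = {"name": "LastPass Password Manager",
           "developer": "LogMeIn, Inc.", "ratings": 52000}
LISTINGS = [
    {"name": "LassPass Password Manager", "developer": "Parvati Patel", "ratings": 1},
    GENUINE,
    {"name": "Notes Vault", "developer": "Example Dev", "ratings": 340},  # hypothetical
]

if __name__ == "__main__":
    for item in LISTINGS:
        print(item["name"], "->", assess(item, GENUINE) or "no findings")
```
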

Password management apps are used to manage highly sensitive information such as usernames, email addresses, and passwords, so it is considered highly likely that this fake app is a phishing app designed to steal credentials.

The App Store has a strict review process to check whether apps meet high standards for privacy, security, and so on, so it is very rare for a clearly fraudulent app like the one discovered this time to be listed on the App Store.

In this case, the developer of the fake app has published another app on the App Store that appears to be legitimate, so the news site Bleeping Computer pointed out that the developer's account may have been hijacked by someone with malicious intent.



The fake app "LassPass Password Manager" was released on January 21, 2024, and was distributed on the App Store for about two weeks until the problem was discovered, but it had been removed by the time of writing.

LastPass told tech news site TechCrunch that it is in contact with Apple's representatives regarding this matter, including confirming why the fake app passed App Store review.

Christopher Hoff, Chief Security Technology Officer at LastPass, said, "The name, icon, and description of the fake app are all stolen from LastPass, so this is a deliberate attempt to target LastPass users. We are conducting an investigation to better understand how these apps were able to get past the App Store's strict security and brand protection mechanisms."

in Software, Security, Posted by log1l_ks