Fake LastPass password manager app unearthed on Apple's App Store

AppleInsiderAppleInsider
Posted:
in iOS

The makers of the LastPass password manager have issued a warning that "LassPass" on the App Store is fraudulently impersonating the real app.

The
The "LassPass" app on the App Store



LastPass is one of many password managers available, although it has had its share of controversies. Now it has issued an alert concerning an alleged fraudulent copy of its app.

"LastPass would like to alert our customers to a fraudulent app attempting to impersonate our LastPass app on the Apple App Store," says the warning in a blog post. "The app in question is called 'LassPass Password Manager' and lists Parvati Patel as the developer."

"The app attempts to copy our branding and user interface," continues the warning, "though close examination of the posted screenshots reveal misspellings and other indicators the app is fraudulent."

This "LassPass" app does indeed resemble LastPass's branding and while its description doesn't follow the real app's wording, it is fundamentally the same. That said, it would be since the descriptions concern the same emphasis on the importance of password security, and on similar app features that any password manager would have.

That said, it is seemingly passing itself off as LastPass, which raises the question of whether it's not just a knockoff, but instead a tool for later phishing. In any case, it's bad that a knockoff of an extremely well known app get through the App Store's review team -- especially when Apple is arguing that this process means it's more secure than third-party stores.

"Rest assured, LastPass is actively working to get this application taken down as soon as possible," continues the LastPass blog, "and will continue to monitor for fraudulent clones of our applications and/or infringements upon our intellectual property."



Read on AppleInsider

Comments

  • Reply 1 of 4
    chasmchasm Posts: 3,308member
    Assuming LastPass followed normal developer procedure and reported it to Apple first, I am pretty shocked and disappointed that Apple didn’t suspend the app immediately after hearing from the company, and that LastPass had time to issue a press release, and says it is “actively working” to get the fake app taken down.

    It sure looks from here like the App Store review team has dropped the ball on this one, and I hope that by the time I finish typing this comment they will have taken down the imposter app. If not, they are giving a green light to others to try putting imposter apps in the App Store.
    edited February 8 elijahgwilliamlondonmuthuk_vanalingamwilliamhgrandact73watto_cobra
  • Reply 2 of 4
    charlesncharlesn Posts: 842member
    Without knowing any further details other that what's reported here, this calls into serious question what Apple's review process involves. There is nothing tricky or slyly deceptive going on here that would make it hard to spot--this an egregious, couldn't-be-more-blatant attempt to steal passwords via the almost primitive method of faking a well-known app by changing a letter in its name. And if Apple can't catch THIS in review, what else is getting by them?
    edited February 8 williamlondonmuthuk_vanalingamwilliamhgrandact73watto_cobra
  • Reply 3 of 4
    williamhwilliamh Posts: 1,034member
    Looks like it was taken down.  Lasspass might have been a good name for a British dating app.

    Also: Totally agree with Charlesn.
    edited February 9 watto_cobra
  • Reply 4 of 4
    atlaurenatlauren Posts: 1member
    Not to mention, the alleged author “Pavarti Patel” is one letter away from a Harry Potter character.
Sign In or Register to comment.