A pretend LastPass app has made its method onto the Apple App Retailer, a possible try to steal customers’ delicate data.
LastPass is a widely-used password supervisor that’s obtainable on quite a lot of platforms, together with iOS. As a password supervisor, the app is well-liked goal for hackers and unhealthy actors, as evidenced by the breach the corporate skilled in 2022.
The corporate’s newest subject is a fraudulent app that tries to cross itself off because the official LastPass app on the App Retailer. Mike Kosak, LastPass Senior Principal Intelligence Analyst, detailed the problem:
LastPass want to alert our prospects to a fraudulent app trying to impersonate our LastPass app on the Apple App Retailer. The app in query known as “LassPass Password Supervisor” and lists Parvati Patel because the developer. The app makes an attempt to repeat our branding and person interface, although shut examination of the posted screenshots reveal misspellings and different indicators the app is fraudulent.
Apparently, the app was nonetheless obtainable when BleepingComputer reported on the information a day after LastPass first revealed the issue, though it has since been taken down.
The difficulty is a very unhealthy search for Apple at a time when the corporate is dealing with elevated criticism and regulatory motion aimed toward forcing it to open its iOS ecosystem to third-party app shops. Apple has repeatedly pushed again with the argument that its walled-garden strategy offers elevated safety for its customers.
Sadly, the truth that a pretend LastPass app made it onto the App Retailer in any respect, not to mention took a minimum of a day to be eliminated, undermines Apple’s argument.