Beware of Fake LastPass Password Manager App That Steals Personal Information

Customers of LastPass have been alerted to a fraudulent app on the Apple App Store that poses as the legitimate LastPass app in an attempt to steal personal data.

Instead of being called “LastPass,” the app is called “LassPass,” and Parvati Patel is listed as the developer. The app’s icon, user interface, and branding are remarkably similar to those of the genuine LastPass app, which is available in the App Store.

“The app attempts to copy our branding and user interface, though close examination of the posted screenshots reveals misspellings and other indicators the app is fraudulent,” reads the LastPass alert.


Specifics of the Fraudulent Application in App Store

The application tries to mimic the LastPass interface and logo, but a close look at the posted screenshots reveals mistakes and other signs that it is fake. The fraudulent application has one rating, whereas the legitimate app has 52.3K ratings.

Fraudulent Application

“We are bringing this to our customers’ attention to avoid potential confusion and/or loss of personal data,” said Mike Kosak, Senior Principal Intelligence Analyst.

This action coincides with Apple’s increased efforts to position the App Store as a secure alternative to the competing iOS app stores that the European Union has lately required.

This month, Fast Company published an interview with Phil Schiller, the head of the App Store. Schiller stated that the new app stores will “bring new risks” that Apple has historically avoided, such as hate speech, pornography, and other offensive content.

Antivirus company Malwarebytes called the fake password app “a purposeful attempt to trick users” and alerted its users to the listing. The company further stated that it had blacklisted the fake app’s domain for both premium and Malwarebytes Browser Guard users.

Apple Removed the Fake Application

Thursday morning, Apple removed the fake app ‘LassPass,’ according to LastPass, which had reported the application to Apple two days earlier and alerted users about its fake nature one day earlier.

At the same time, Apple allowed a different app submitted by the same developer to remain in the store. Apple did not give a reason for keeping that app in place or for removing the other.

A privacy policy for the separate app, named PRAJAPATI SAMAJ 42 Gor ABD-GNR, can be found at psag42[.]in/policy.html and is dated December 2023.

It is referred to as a “platform for the community” and an “application for Ahmedabad-Gandhinager Prajapati Samaj app.” Although the application was no longer downloadable at the time of publishing, it was recently advertised on Google Play.

Since most businesses offer a direct download link for their apps on their official websites, use that link when installing new apps.


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.