The password manager vendor explained that the fake app lists its developer as Parvati Patel and copies the firm's branding and user interface. The real developer of the legitimate app is "LogMeIn Inc.", the parent company of LastPass.
LastPass says that it "is actively working to get this application taken down as soon as possible, and will continue to monitor for fraudulent clones of our applications and/or infringements upon our intellectual property."
This is not the first security incident to affect LastPass. In October 2022, it infamously suffered a series of breaches which resulted in users' password vaults being stolen by threat actors. However, the vaults remained encrypted, so the hackers could only access the stored credentials if they guessed or cracked the master passwords securing the vaults.
There was still some fallout linked to the breaches, however, including a crypto-stealing scam that was thought to have made use of stolen LastPass accounts. The hackers in this case may have been able to crack the master passwords securing users' vaults, especially if the passwords were weak and easy to guess, or had been reused from other accounts that were found in previous data breaches.
It is not often that fraudulent apps of such a high profile are found in Apple's App Store, given the stringent controls the tech giant places on it. Google's Play Store, on the other hand, frequently sees fake and malicious apps uploaded to its platform.
Recently, six malicious Android apps were found on the store that were pretending to be chat apps, but actually contained info-stealing malware that could swipe contacts, call logs, and SMS messages.
In its blog post, LastPass has provided the URLs for both the fake and legitimate versions of the app on the App Store, "so that customers can verify they are downloading the correct LastPass application for themselves until the fraudulent app is taken down."
Lewis Maddison is a Staff Writer at TechRadar Pro. His area of expertise is online security and protection, which includes tools and software such as password managers.
His coverage also focuses on the usage habits of technology in both personal and professional settings - particularly its relation to social and cultural issues - and he revels in uncovering stories that might not otherwise see the light of day.
He has a BA in Philosophy from the University of London, with a year spent studying abroad in the sunny climes of Malta.