Password Manager LastPass has warned about a fraudulent app called “LassPass Password Manager” which it found on the Apple App Store.
The app closely mimics the branding and appearance of LastPass, right down to the interface. So, even if the name was a “happy accident” it seems clear that this was a purposeful attempt to trick users installing the fake app.
The fake app can be recognized not only by the name, but other misspellings in the screenshots, and the app lists Parvati Patel as the developer and the privacy policy as hosted at bluneel[.]com. The developer of the legitimate LastPass app is LogMeIn, Inc.
While using a genuine password manager provides extra security, entrusting your passwords to an app that is a rip-off does not. Obviously, storing all your passwords in an app that is not trustworthy can get you in all kinds of trouble, including identity theft.
We have not tested if the app sends your passwords to a third-party, but we should assume that it does just that.
In the App Store the impersonator claims to be “Trusted by over 1+ million users and 10,000+ businesses” which clearly can’t be right and was most certainly copied from LastPass.
LastPass states that it is:
“… actively working to get this application taken down as soon as possible, and will continue to monitor for fraudulent clones of our applications and/or infringements upon our intellectual property“
But at the time of writing the app was still available in the Apple App Store.
Malwarebytes Premium and Malwarebytes Browser Guard block the domain bluneel[.]com so users will see a warning about the trustworthiness of the app.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using Malwarebytes Identity Theft Protection.