LastPass is one of the most popular password tracking services. now Warn Creators against a fake application that managed to infiltrate the Apple App Store.
– We will make our customers aware of this to avoid potential confusion and/or loss of personal data, LastPass wrote in a blog post.
To make the app look as authentic as possible, the fake app used a similar logo in the same colors as the original, but with the name “LassPass.” “Parvati Patel” is listed as the developer.
– It looks bad
However, fake apps are not new, according to the security publication Sleeping computer It's a rare sight with such obvious counterfeiting in the App Store considering Apple's strict approval process.
– This process includes automated checks and manual review by the Apple team to ensure compliance with a detailed set of guidelines that developers must follow. However, this version of LastPass was somehow approved, Bleeping Computer wrote.
LastPass is also used to collect sensitive information like passwords, which makes it even more worrying.
Technology website TechCrunch Apple believes it's going badly for Apple, which has opposed the EU's new digital law as it is forced to open up to third-party app stores. The iPhone manufacturer has criticized this and claims that it will go beyond security and privacy.
Investigate what happened
It is not known whether or how much damage the fake app was able to cause. It reportedly launched on January 21, and was still available on Thursday, February 8. However, today, February 9, it has been removed.
Security firm Malwarebytes has also issued a warning against the fake app.
– We haven't tested whether the app sends your passwords to a third party, but we should assume it does just that, as it writes on Blog.
says Lastpass Security Director, Christopher Huff PCMag The company is in direct contact with Apple regarding this matter.
– We're working with Apple to understand more broadly how an app like this made it past typically stringent security and brand protection mechanisms. Hof told PC Mag that the naming convention, iconography, and description of the scam app are all heavily inspired by LastPass, and this appears to be a deliberate attempt to target LastPass users.
Apple has not yet commented on this issue.
“Web specialist. Lifelong zombie maven. Coffee ninja. Hipster-friendly analyst.”