Watch out - there's a fake version of LastPass on the Apple App Store

LastPass
(Image credit: LastPass)

LastPass has warned that there is a fake version of its app on the Apple App Store, called "LassPass Password Manager [sic.]." 

The password manager vendor explained that the developer of the fake app is listed as Parvati Patel, and copies the firms' branding and user interface. The real developer of the legitimate app is "LogMeIn Inc.", the parent company of LastPass.

LastPass says that it "is actively working to get this application taken down as soon as possible, and will continue to monitor for fraudulent clones of our applications and/or infringements upon our intellectual property."

More trouble

This is not the first security incident to affect LastPass. In October 2022, it infamously suffered a series of breaches which resulted in users' password vaults being stolen by threat actors. However, the vaults remained encrypted, so the hackers could only access the stored credentials if they guessed or cracked the master passwords securing the vaults.  

There was still some fallout linked to the breaches, however, including a crypto-stealing scam that was thought to have made use of stolen LastPass accounts. The hackers in this case may have been able to crack the master passwords securing users' vaults, especially if the passwords were weak and easy to guess, or had been reused from other accounts that were found in previous data breaches. 

It is not often fraudulent apps of such a high profile are found in Apple's app store, given the stringent controls the tech giant places on it. Google's Play Store, on the other hand, frequently sees fake and malicious apps uploaded to its platform.

Recently, six malicious Android apps were found on the store that were pretending to be chat apps, but actually contained info-stealing malware that could swipe contacts, call logs, and SMS messages.

On its blog post, LastPass has provided the URLs for both the fake and legitimate versions of the app on the App Store, "so that customers can verify they are downloading the correct LastPass application for themselves until the fraudulent app is taken down."

MORE FROM TECHRADAR PRO

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.