The “LassPass Password Manager” app was somehow approved by Apple’s App Store review team, even though it appears to clearly mimic the LastPass app. It doesn’t use exactly the same icon and the name is a letter off, but the similarities could confuse some LastPass users.
It is unclear if the fake LassPass app is attempting to steal login information from users, but it does have options for adding passwords, email accounts, addresses, bank accounts, credit cards, debit cards, and more. It doesn’t ask for a LastPass login of any kind, but it is possible that the developer can see information added to the app.
There is also a “PRO” upgrade that costs $1.99 per month, $9.99 per year, or $49.99 for a “lifetime” subscription, so the aim of the app may be collecting subscription money from customers. Either way, LastPass users should be aware of the fake app and should avoid it. At best it is aiming to steal money, and at worst, it is stealing passwords and credit card information.
Clone apps often make their way into the App Store, but the app impersonating LastPass is particularly concerning because it could be accessing sensitive information. It is not clear how an app mimicking one of the most popular password management apps was approved by Apple, and its discovery comes at a critical time for the company.
Apple has been promoting the safety and security of the App Store as it prepares to allow for alternate app marketplaces in the European Union, and allowing a fake password management app onto the App Store is not a good look.
LastPass says that it is working to get the clone app removed from the App Store. Though LastPass published its alert yesterday, and presumably contacted Apple at the same time, the app remains in the App Store as of now.
Discuss this article in our forums