HomeTechApple Pulls Fake LastPass App From Its App Store

Apple Pulls Fake LastPass App From Its App Store

UPDATE 2/9: Apple has removed the “LassPass” app from its App Store and also pulled the app’s developer from its developer program, the company confirms to PCMag. Apple says it has also received a trademark dispute against the now-removed app.

UPDATE 4 p.m. ET: The bogus app appears to have been removed from the App Store, as the listing now returns an error.

Original Story:
If you’re looking to download a password management app right now, be careful—there’s a fake LastPass app on Apple’s App Store.

The fake app’s page has a very similar logo and color theme as the legitimate app, but the impersonator is going under the name “LassPass” instead.

The fake app has reportedly been live for a few days already and is still available on the iOS App Store for iPads and iPhones at time of this writing.

Thankfully, the app doesn’t show up high on the search results, even if users make a typo. But it still poses a risk, and its negative user reviews suggest some may have already downloaded it. Review dates show that the app has been live on the App Store since at least Sunday.

LastPass alleges that the app is “fraudulent.”

“We are raising this to our customers’ attention to avoid potential confusion and/or loss of personal data,” LastPass Senior Principal Intelligence Analyst Mike Kosak wrote in a Wednesday blog post.

“LastPass is actively working to get this application taken down as soon as possible, and will continue to monitor for fraudulent clones of our applications and/or infringements upon our intellectual property,” Kosak added.

LastPass Chief Secure Technology Officer Christofer Hoff tells PCMag via email that the company is in “direct contact” with Apple regarding the issue.

“Upon seeing the fake ‘LassPass’ app in the Apple App store, LastPass immediately began a coordinated and multi-faceted approach across our threat intelligence, legal and engineering teams to get the fraudulent app removed,” Hoff says.

“We are in direct contact with representatives from Apple, and they have confirmed receipt of our complaints, and we are working through the process to have the fraudulent app removed,” Hoff continued. “We are also working with Apple to understand more broadly how an application like this passed their normally rigorous security and brand protection mechanisms. The naming convention, the iconography and the description of the fraudulent app are all heavily borrowed from LastPass, and this appears to be a deliberate attempt to target LastPass users.”

Recommended by Our Editors

Antivirus firm MalwareBytes called the fake password app “a purposeful attempt to trick users” in a Thursday post warning its users about the listing. The company also said that it blocked the fake app’s domain for its Malwarebytes browser guard and premium users so that its users are aware of the app’s questionable status.

Apple, which has long made claims about the safety of its app store, says on its website that the tech giant reviews all apps for safety. Apple also doesn’t allow developers to publish misleading app screenshots that misrepresent what an iOS app can actually do. Apple says that all of the apps on its store are also screened for “known malware,” and that over 215,000 App Store app submissions were rejected in 2023 for not meeting its privacy standards.

This is far from the first time a possibly malicious app has made its way past Apple’s security checks, however. Last month, a fake iOS app for the viral pet battler Palword surfaced on the App Store, prompting the game’s developer to issue a statement warning users that downloading it could lead to personal data loss or fraud.

A 2021 report from The Washington Post found that Apple’s App Store is “teeming with scams,” with malicious apps costing users over $48 million.

Editors’ Note: This story has been updated to include comments from LastPass’ Hoff.

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.



Please enter your comment!
Please enter your name here

Most Popular

Recent Comments