The fake LastPass password manager found on Apple’s App Store has now been pulled. It is currently unknown whether Apple or the bogus software developer uninstalled the phony program — which disguised itself as the LastPass password manager on the Apple App Store. Apple has not responded to inquiries about the removal, though Apple is quite vigilant about these types of issues and relentlessly guards its app store.
Christofer Hoff, Chief Secure Technology Officer for LastPass, in a statement to TechCrunch, said, “Upon seeing the fake ‘LassPass’ app in the Apple App store, LastPass immediately began a coordinated and multi-faceted approach across our threat intelligence, legal and engineering teams to get the fraudulent app removed.” Hoff continues, “Our threat intelligence team posted a blog yesterday to raise awareness and help inform the public and our customers of the situation. We are in direct contact with representatives from Apple, and they have confirmed receipt of our complaints, and we are working through the process to have the fraudulent app removed.”
To mislead consumers, the fraudster app mimicked LastPass’s branding and user interface
In an effort to mislead consumers, the fraudster app mimicked LastPass’s branding and user interface and was distributed under the identity of a single developer, Parvati Patel. The phony program included several typos, which should always give one pause and hints that something may be a fake. In addition to being released by a separate developer who was not LogMeIn — the company that owns LastPass.
It’s not really good for Apple Inc., which has been fighting against so many regulations recently — like the EU’s Digital Markets Act (DMA)- that such an apparently fraudulent app made it through Apple’s generally rigorous App Review process.
Appfigures, an app analytics company, reported that the phone app was released on January 21st, giving it a few weeks to get users’ attention. Appfigures saw that the users themselves appeared to have realized that the app was phony because every one of the Apple App Store reviews warned others about the bogus nature of this app. The fake app even leveraged keywords to rank in search.
The fake app may have succeeded in tricking some users, even though it probably didn’t fake-out too many. The worst for the LastPass Company is that it was forced to alert its real users in a public forum about the fraudulent app in the store — even though it should have never been released in the first place. The app wasn’t taken down from the App Store until the day after LastPass’s blog post was published.
Featured Image Credit: WeStartMoney; Pexels