The App Store has removed an app that impersonated the LastPass password manager. The store took the action after LastPass published an alert on its blog. The fake app likely aimed to steal victims’ login information.
The fake app used a name almost identical to that of the password manager: LassPass. The logo was similar, but not the same. The interface also tried to mimic the legitimate version, but according to the company, it contained spelling mistakes.
It was also possible to identify the scam by the name of the developer: on the app’s page, it was Parvati Patel, not the company LogMeIn. In addition, the fake had only one rating, while the real password manager has more than 52 thousand ratings from users in the United States.
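The three signals described above (a near-identical name, a different developer, and a very low rating count) can be checked automatically when monitoring store listings for a brand. The sketch below is an added example, not code from LastPass, Apple, or TechCrunch; the `Listing` record, both thresholds, and the unrelated sample listing are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

MAX_NAME_DISTANCE = 2    # assumed threshold: edits tolerated before a name stops being a lookalike
LOW_RATING_RATIO = 0.01  # assumed threshold: fewer than 1% of the official app's ratings

@dataclass
class Listing:           # hypothetical record for one store listing
    name: str
    developer: str
    ratings: int

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def clone_signals(listing, official):
    """Return the impersonation signals a listing shows against the official app."""
    if listing.developer.casefold() == official.developer.casefold():
        return []  # published by the brand owner itself
    target = official.name.casefold()
    tokens = re.findall(r"[a-z0-9]+", listing.name.casefold())
    dist = min((edit_distance(t, target) for t in tokens), default=len(target))
    if dist > MAX_NAME_DISTANCE:
        return []  # name is not close to the brand, so not a clone candidate
    signals = ["name_identical" if dist == 0 else "name_lookalike", "publisher_mismatch"]
    if listing.ratings < official.ratings * LOW_RATING_RATIO:
        signals.append("low_rating_count")
    return signals

# Values taken from the article; 52000 is a floor ("more than 52 thousand").
OFFICIAL = Listing("LastPass", "LogMeIn", 52000)
SAMPLES = [
    Listing("LassPass", "Parvati Patel", 1),    # the fake app as described in the article
    OFFICIAL,
    Listing("Notes Pad", "Example Dev", 10),    # constructed, unrelated listing
]

if __name__ == "__main__":
    for item in SAMPLES:
        print(f"{item.name!r} by {item.developer!r}: {clone_signals(item, OFFICIAL)}")
```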
“LastPass is actively working to get this app removed as soon as possible,” the company’s statement reads. “We will continue to monitor for fraudulent clones of our apps or violations of our intellectual property.”
Fake app is a risk for users
TechCrunch obtained more information about the fake LastPass app, and the damage it caused appears, thankfully, to have been minor. The fake app was published on January 21 and remained available for just over two weeks.
According to the publication, the imitation was only in seventh place in the search results for the word “LastPass”, and did not appear among the most downloaded apps on the App Store.
TechCrunch also notes that the flaw in the App Store review process comes at a bad time for Apple. The company argues that opening up the iPhone to direct app installation, as the European Union wants, weakens the system’s security. This time, the threat came from the company’s own store.
The fake app was only removed a day after LastPass’s public alert. Christofer Hoff, the company’s head of security, says they are in contact with Apple to understand how the app passed the “rigorous safety and brand protection mechanisms.”