Downloading a password manager app is a smart way to keep your passwords organized and your online accounts safe. Unfortunately, downloading a fake password manager is a good way to have your personal information stolen. We bring that up because the developers of LastPass published a blog post this week warning iPhone owners about an app called “LassPass” that is masquerading as their password manager app on the Apple App Store.
“LastPass would like to alert our customers to a fraudulent app attempting to impersonate our LastPass app on the Apple App Store,” said LastPass analyst Mike Kosak. “The app in question is called “LassPass Password Manager” and lists Parvati Patel as the developer.”
LassPass “attempts to copy our branding and user interface, though close examination of the posted screenshots reveal misspellings and other indicators the app is fraudulent,” Kosak said. You can see the evidence he’s referring to in the screenshot below:
If you downloaded the app LassPass, your best bet is to delete it from your iPhone and change any passwords you might have tried to store in it. There’s no real telling what the developer has in store for the app, but it certainly looks like a potential scam.
The good news is that Apple appears to have taken the app down, as I was unable to find it in the App Store at the time of writing. Either way, the fact that Apple allowed the app on the App Store in the first place is especially worrisome.
Last year, Apple bragged about rejecting “nearly 1.7 million app submissions for failing to meet the App Store’s high standards for privacy, security, and content.” That’s all well and good, but how did “LassPass” make it through the submission process?