A fake LastPass app squatted the Apple App Store for almost three weeks


Corentin Béchade

February 9, 2024 at 9:59 a.m.

15

LastPass_Illus_0902 © © App Store / Clubic

A fake LastPass application ended up on the Apple App Store © App Store / Clubic

This is not a great image for Apple. On its application store, the company hosted a fraudulent application for three weeks attempting to pass itself off as the LastPass password manager.

Apple wanted to make the App Store “the safest and most secure place to download apps», but the latest example does not reassure much. LassPass, a bogus application wanting to ride on the success of the LastPass service, managed to slip into the Apple store despite its very less than laudable intentions.

A malicious copy of LastPass

In a blog post posted on February 7, LastPass explains that it contacted Apple to get rid of the fraudulent application and explains “draw the attention of our customers to the subject in order to avoid any confusion and/or loss of personal data.» As of today, the fake software is no longer available, but will have remained online from January 21 to February 8.

Fortunately, despite its name and icon obviously inspired by LastPass, the app has not managed to fool many people since it has never managed to rise to the top of the results when searching for the term “LastPass” and that most of the comments on his file were only warnings for potential victims.

Focused on the importance of removing the software from the App Store, LastPass did not study the behavior of the application and its risks to personal data. If the company does not provide information regarding possible data siphoning carried out via this fraudulent app, it should still be noted that it requested a lot of personal information such as the safe password, the email and postal addresses and even the users’ credit card number.

A complicated failure for Apple

This concern with the moderation of the App Store comes at a critical moment for Apple, which boasts to anyone who will listen about the security of its ecosystem to escape the new European rules on opening up to competition. It is also a new disappointment for LastPass which sees its image even more damaged, while it is trying to regain public trust since the terrible attack of 2022 where personal data was stolen.

In a statement made to Techcrunch, the company specified that it had contacted Apple to “trying to understand how an application like this escaped the normally serious vigilance of the teams“. At least this is a sign that LastPass is still attracting the attention of malicious hackers.

Best password manager, comparison in February 2024
To discover
Best password manager, comparison in February 2024

Jan 31, 2024 at 3:49 p.m.

Service comparisons

Source : LastPass via Techcrunch

Corentin Béchade



A journalist for almost 10 years, I have been in the tech and digital sector since my very first jobs. Tinkerer (a lot), librarian (a little), I developed a specialization in...

Read other articles

A journalist for almost 10 years, I have been in the tech and digital sector since my very first jobs. Tinkerer (a lot), librarian (a little), I have developed a specialization in the themes of ecology and digital technology as well as the protection of private life. On weekends I torture Raspberry Pis with lots of 'sudo' commands to relax.

Read other articles

  • Cyber ​​security

  • Password manager





Source link -99