Fake LastPass App Sneaks Past Apple's Review Team

[MacRumors]

Popular password management app LastPass is warning customers about a fraudulent app that uses a similar name and icon to attempt to trick LastPass customers into using the fake app instead of the real app (via Bleeping Computer).

The "LassPass Password Manager" app was somehow approved by Apple's App Store review team, even though it appears to clearly mimic the LastPass app. It doesn't use exactly the same icon and the name is a letter off, but the similarities could confuse some LastPass users.

It is unclear if the fake LassPass app is attempting to steal login information from users, but it does have options for adding passwords, email accounts, addresses, bank accounts, credit cards, debit cards, and more. It doesn't ask for a LastPass login of any kind, but it is possible that the developer can see information added to the app.

There is also a "PRO" upgrade that costs $1.99 per month, $9.99 per year, or $49.99 for a "lifetime" subscription, so the aim of the app may be collecting subscription money from customers. Either way, LastPass users should be aware of the fake app and should avoid it. At best it is aiming to steal money, and at worst, it is stealing passwords and credit card information.

Clone apps often make their way into the App Store, but the app impersonating LastPass is particularly concerning because it could be accessing sensitive information. It is not clear how an app mimicking one of the most popular password management apps was approved by Apple, and its discovery comes at a critical time for the company.

Apple has been promoting the safety and security of the App Store as it prepares to allow for alternate app marketplaces in the European Union, and allowing a fake password management app onto the App Store is not a good look.

LastPass contacted Apple to get the clone app removed from the App Store, and it was pulled at around 11:00 a.m. Pacific Time on February 8.
Apple removed the fraudulent LassPass app because it violated the App Store rule preventing copycat apps. The developer has also been removed from the Apple Developer Program and won't be able to submit future apps.

Article Link: Fake LastPass App Sneaks Past Apple's Review Team

 

[TruthAboveAllElse]

The app should be down already. Disappointed in Apple's lack of urgency here.

Edit: looks like they removed it now

 

[till]

When you open the App Store in iOS 17.4, at least in the EU, you get a new message about how the App Store is wonderful and safe and secure and private. Really embarrassing time for this to happen. It's really easy for an app like this to steal your passwords unless Apple is doing a meticulous security audit, which they're clearly not.

 

[nt5672]

If Apple spent the money they spend on advertising that the App Store is secure in actually making the App Store secure we would all benefit.

 

[LeeW]

Harder to argue against the EU doing what they do whilst preaching the safety and security of Apple when this happens.

 

[zorinlynx]

I can understand a dodgy update sneaking through because those are mostly approved automatically but shouldn't an actual person be reviewing NEW apps? How the heck did this sneak through?

 

[falkon-engine]

Don’t need the EU for this one 😂😂 but makes me wonder what types of spam apps will lurk on the alternative app stores.

 

[klasma]

Good thing we’ll have safer alternative app stores soon and won’t have to rely on Apple’s superficial app review anymore.

 

[xraydoc]

Imagine this (and others) on an app store not under Apple's control.

 

[needsomecoffee]

Apple, one of the most litigious companies, seems to ignore Trademark rights for all apps in its store. Search on any well known, trademarked, product name. There may be dozen(s) of fraud apps appearing before the true rights owner's app. But, as we found out in the EU process, Apple's only real concern is user safety. The whole process (EU and Apple) is just so self-interested. Caveat emptor. I hate the App Store, and on my Mac I ALWAYS look for ways to avoid it (e.g. buy from Affinity web site for all their great apps.)

 

[bbplayer5]

Apple is getting to the point where they REALLY need to be taken down a peg.

 

[klasma]

I can understand a dodgy update sneaking through because those are mostly approved automatically but shouldn't an actual person be reviewing NEW apps? How the heck did this sneak through?

There have been enough legitimate updates denied that I don’t think they distinguish that much between the two.

 

[sw1tcher]

I can understand a dodgy update sneaking through because those are mostly approved automatically but shouldn't an actual person be reviewing NEW apps? How the heck did this sneak through?

Reviewers too busy defending Apple and their anti-consumer ways on MacRumors

 

[Supercyborgninja]

That’s wild 😳 how does this happen when a lot of iOS devs have to submit their stuff 2-3 times before approval?

Yikes..

 

[Jamie0003]

All over Reddit is people saying this kind of crap never happens on the AppStore, and the EU forcing the store to be opened up will be the iPhones downfall

 

[I7guy]

When you open the App Store in iOS 17.4, at least in the EU, you get a new message about how the App Store is wonderful and safe and secure and private. Really embarrassing time for this to happen. It's really easy for an app like this to steal your passwords unless Apple is doing a meticulous security audit, which they're clearly not.

Yeah and imo this scenario can be expected to replay itself with abandon.

 

[I7guy]

All over Reddit is people saying this kind of crap never happens on the AppStore, and the EU forcing the store to be opened up will be the iPhones downfall

Maybe Reddit is wrong and people shouldn’t believe EVERYTHING on the internet is true.

 

[turbineseaplane]

I thought Apple was our "sentry of safety"?

 

[Reverend Benny]

I can only imagine that Apple can provide a list of what users and devices that has downloaded the App an use any of the tools they do have to block the App.
They should be able to reach out to the users fairly quick to warn them that the downloaded software is fraudware.

 

[Rychiar]

Wow and they gave me such a hard time submitting a funny stickers app right down to asking what the purpose of it was…

 

[turbineseaplane]

Imagine this (and others) on an app store not under Apple's control.

Good point!

Sounds like a better and more useful experience without the nonsense oversight that is letting this stuff right through.

Let's be honest - they only care about making sure you're not trying to evade them getting their cut of the money.

 

[WarmWinterHat]

All over Reddit is people saying this kind of crap never happens on the AppStore, and the EU forcing the store to be opened up will be the iPhones downfall

The more time you spend on Reddit the less informed you are.

 

[Nozuka]

Probably almost as safe as the real LastPass app...

 

[BC2009]

The AppStore review process is horrendous and needs a complete overhaul. This is the one single thing Apple should make a priority.

 

[Bustycat]

All over Reddit is people saying this kind of crap never happens on the AppStore, and the EU forcing the store to be opened up will be the iPhones downfall

I don't see how craps can happen that kind of crap.