Caution! Your Login Information Could Have Been Stolen by This LastPass Clone App
Both Apple and Google make it difficult for developers to sneak in apps that don’t meet their requirements, but sometimes bad actors can find loopholes that can slip past the eyes of app reviewers.
That’s exactly what happened when a clone of the popular password manager LastPass hit the Apple App Store.
The presence of an application called LassPass in the App Store was brought up by LastPass in its blog. According to a blog alert, the said app copies the design, interface and branding of LastPass. Moreover, the company had even mentioned a link to the now-removed fraudulent app.
The app could have asked users to provide user login information, passwords to various websites, and credentials. In turn, a rogue developer has been able to use this information against users.
Imagine a scenario where a malicious actor has access to your email, bank account, and social media accounts—all made possible by an app that asks for your usernames and passwords. The app could do the same as it has login details, passwords for various websites and credentials. At this time, it is still uncertain whether any users have fallen victim to exploitation.
“We’re bringing this to our customers’ attention to avoid potential confusion and/or loss of personal information. For clarity, we’ve included the URL of the fraudulent app below, along with a link to our legitimate app, so customers can ensure they’re downloading the correct LastPass app for them until the fraudulent app is removed,” in the blog reads.
LastPass also assured users that it was working to get the app removed from the App Store, and so far Apple appears to have removed the app.
In the future, if you come across an app that closely mimics an app you’re familiar with and seems suspicious, be sure to report it. This proactive step can lead to its removal, helping to prevent potential harm and loss.