The phony LastPass password manager that was identified on the Apple App Store has been removed. It remains unclear whether Apple or the deceptive developer took down the fake application, which was pretending to be the legitimate LastPass password manager on the Apple App Store. Apple has not yet offered any comments on the situation, although Apple typically maintains a vigilant stance on such matters and is known for safeguarding its app store rigorously.
Christofer Hoff, the Chief Secure Technology Officer at LastPass, disclosed to TechCrunch, “Upon detection of the fraudulent ‘LassPass’ app on the Apple App Store, LastPass immediately initiated a well-coordinated effort involving our threat intelligence, legal, and engineering teams to have the fake app removed.” Hoff further stated, “Our threat intelligence team issued a blog post yesterday to create awareness and inform the public and our customers about the situation. We are in direct communication with Apple representatives, who have acknowledged receiving our complaints, and we are working together to remove the counterfeit app.”
The deceptive app impersonated LastPass’s branding and user interface
In an attempt to deceive consumers, the deceptive app copied LastPass’s branding and user interface and was attributed to a single developer named Parvati Patel. The counterfeit program contained numerous spelling errors, which should serve as a red flag indicating potential fraud. Furthermore, it was published by a different developer not affiliated with LogMeIn – the parent company of LastPass.
This incident doesn’t reflect well on Apple Inc., especially given the recent legal battles it has faced, such as the EU’s Digital Markets Act (DMA), raising questions about how such an evidently fake app managed to slip through Apple’s typically stringent App Review process.
According to Appfigures, an app analytics firm, the fake app was launched on January 21st, allowing it a couple of weeks to attract users’ attention. Appfigures observed that users quickly realized the app’s illegitimacy, as every review in the Apple App Store cautioned others about the fraudulent nature of the app. The fake app even utilized specific keywords to enhance its search rankings.
While the counterfeit app may have duped some users, its impact was likely limited. The real setback was for LastPass, as it had to notify its genuine users publicly about the fake app in the store – an app that should have never been made available in the first place. The app was only removed from the App Store the day after LastPass’s blog post was published.
Featured Image Credit: WeStartMoney; Pexels
