<img src=”https://sm.pcmag.com/pcmag_au/news/b/beware-the/beware-theres-a-fake-lastpass-app-on-apples-app-store_g5ht.jpg” />
If you’re looking to download a password management app right now, be careful—there’s a fake LastPass app on Apple’s App Store.
The fake app’s page has a very similar logo and color theme as the legitimate app, but the impersonator is going under the name “LassPass” instead.
The fake app has reportedly been live for a few days already and is still available on the iOS App Store for iPads and iPhones at time of this writing.
Thankfully, the app doesn’t show up high on the search results, even if users make a typo. But it still poses a risk, and its negative user reviews suggest some may have already downloaded it. Review dates show that the app has been live on the App Store since at least Sunday.
LastPass alleges that the app is “fraudulent.”
“We are raising this to our customers’ attention to avoid potential confusion and/or loss of personal data,” LastPass Senior Principal Intelligence Analyst Mike Kosak wrote in a Wednesday blog post.
“LastPass is actively working to get this application taken down as soon as possible, and will continue to monitor for fraudulent clones of our applications and/or infringements upon our intellectual property,” Kosak added.
Antivirus firm MalwareBytes called the fake password app “a purposeful attempt to trick users” in a Thursday post warning its users about the listing. The company also said that it blocked the fake app’s domain for its Malwarebytes browser guard and premium users so that its users are aware of the app’s questionable status.
Apple, which has long made claims about the safety of its app store, says on its website that the tech giant reviews all apps for safety. Apple also doesn’t allow developers to publish misleading app screenshots that misrepresent what an iOS app can actually do. Apple says that all of the apps on its store are also screened for “known malware,” and that over 215,000 App Store app submissions were rejected in 2023 for not meeting its privacy standards.
This is far from the first time a possibly malicious app has made its way past Apple’s security checks, however. Last month, a fake iOS app for the viral pet battler Palword surfaced on the App Store, prompting the game’s developer to issue a statement warning users that downloading it could lead to personal data loss or fraud.
A 2021 report from The Washington Post found that Apple’s App Store is “teeming with scams,” with malicious apps costing users over $48 million.
Apple and LastPass did not immediately respond to PCMag’s request for comment.