LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users’ credentials.
The fake app uses a similar name to the genuine app, a similar icon, and a red-themed interface made to appear close to the brand’s authentic design.
However, the fake app’s name is ‘LassPass,’ instead of ‘LastPass,’ and it has a publisher of ‘Parvati Patel.’
In addition, there’s only a single rating (the real app has over 52 thousand), with only four reviews that warn about it being fake.
As LastPass is used to store very sensitive information, such as authentication secrets and credentials (username/email and password), the app was likely created to act as a phishing app to steal credentials.
If you have installed the fake LastPass app, you should immediately remove it and change your password at lastpass.com. It is then advised to perform the arduous task of resetting all passwords stored in your LastPass vault to be safe.
Update 2/9: Apple has confirmed that the fraudulent LastPass app has now been removed from the App Store for violating the guideline on copycat apps. Also, the app’s developer has been removed from the Apple Developer Program.
Source: https://www.bleepingcomputer.com/news/security/fake-lastpass-password-manager-spotted-on-apples-app-store