One of Apple’s biggest arguments against adding sideloading to iPhones is the fact that people could get malware and unknowingly install it on their device. According to the company, the job it does at curating apps on the App Store is enough to keep users safe. For this argument to actually have some weight to it, Apple needs to actually do a good job at this “curation” thing, which isn’t always the case.




LastPass is warning users that a fraudulent version of the app is making the rounds in the App Store. The app doesn’t use the actual LastPass icon, and the screenshots might not appear to show the actual LastPass, but the app’s name is very prominently displaying as “LassPass,” something that could confuse people who might not have been able to spy that the “t” in “LastPass” was swapped out with an “s.” The app is also using red hues for both its UI and its icon, and if you’ve come to associate the color red with LastPass in the context of password managers, this could also be confusing. The app was available on both an iPhone version and a Mac version.


lasspass-fake-password-manager-app
Juli Clover / MacRumors


It’s not clear whether this app is actually malware or not, and we’re definitely not taking a chance on it, but it’s certainly at least trying to deceive LastPass users, which is already a red flag. Somehow, this made it through Apple’s security checks. This kind of thing used to be pretty common on Android’s Google Play Store, and it’s something Google has thankfully clamped down on.


The fake app had a few subscription tiers, going from $1.99 a month to a lifetime $49.99 one-time payment, so it seems like the app developer was trying to make a quick buck out of unsuspecting users. Thankfully, the app was removed from the App Store a few hours after it was pointed out, and hopefully Apple will be a bit more careful in the future about which apps it approves.


This is also a good reminder that you shouldn’t use the real LastPass, either.


Source: Bleeping Computer via MacRumors

Source link