ALBAWABA - Both Apple and Google make it difficult for developers to infiltrate apps, but sometimes malicious actors can find loopholes to succeed in their mission without anyone knowing. This is exactly what happened when a fake version of the popular password management app "LastPass" made its way onto the Apple App Store.
iPhone owners were urged to check their devices for a fake app called "LassPass" instead of "LastPass," attempting to steal passwords for all their accounts.
Although Apple removed the deceptive app from its App Store, concerns still linger that it may still be installed on some users' phones.
The fake version of the original app, "LassPass," is an exact replica of "LastPass," the platform that secures passwords for both consumers and companies. Like many phishing attempts, "LassPass" tried to lure iPhone users into downloading it by using a spelling error that could easily be overlooked. The illegitimate app was backed by copying the branding and user interface of "LastPass" in an attempt to confuse users.
(Shutterstock)
The fake app also contained numerous spelling errors and clues indicating its fraudulent nature. According to information, the fake app was released on January 21, 2024, giving it a few weeks to attract the attention of users, many of whom discovered that the app was illegitimate, despite its attempt to capitalize on the keyword "LastPass" to rank in search results for this term.
A negative view of Apple and the passage of such a fake app through Apple's app review process paints a bad picture for the tech giant, which has been opposing new laws like the European Union's Digital Markets Act (DMA), claiming it jeopardizes customer safety and privacy. Apple stated that the EU's Digital Markets Act, which allows third-party app stores and payments to operate on its devices, could put consumers at risk because they would be able to conduct business outside of its App Store with unknown parties. Bad actors are likely to exploit the new laws to deceive consumers into purchasing difficult-to-cancel subscriptions. When outlining its compliance plan for the EU's Digital Markets Act, Apple wrote that "new options for processing payments and downloading apps on the iOS operating system open up new avenues for malware, fraud, illegal content, and other privacy and security threats," but it turned out that the threat facing consumers came from within the App Store itself, not from an external website.
However, it is not officially known yet the extent of the threat posed by this fake app.
(Shutterstore)
In any case, Apple took action against the app by removing it from its store and banning its creator from its Apple Developer program; the app's creator.
In conclusion, if you encounter an app that closely mimics a well-known app you know and seems suspicious, make sure to report it; this proactive step could lead to the removal of fake apps, helping to prevent potential harm and losses.
