Fake LastPass App Discovered on Apple's App Store, Warns Users to Beware

Boston, Massachusetts United States of America
Fake LastPass app discovered on Apple's App Store
LastPass warns customers not to install fake version of their app for iPhones
Millions of people use LastPass to store sensitive information and passwords, so the fake app poses a significant security risk if users fall for its deception.
Parvati Patel is believed to have submitted the phony app through some means, but it is unclear how this happened.

LastPass, a popular password management service, has warned its customers not to install a fake version of their app for Apple iPhones. The fake LastPass app was discovered by the company and is believed to have been submitted by an individual developer named Parvati Patel. It appears that the phony app gained entry to Apple's App Store through some means, but it is unclear how this happened. Millions of people use LastPass to store encrypted copies of their account passwords and other sensitive information, so the fake app poses a significant security risk if users fall for its deception.



Confidence

80%

Doubts
  • It is unclear how the fake LastPass app gained entry to Apple's App Store.
  • Parvati Patel may not be responsible for submitting the phony app.

Sources

81%

  • Unique Points
    • The fake app was pretending to be password manager LastPass
    • A separate app submitted by the same developer remains in Apple's App Store
    • Millions of people use LastPass to store encrypted copies of their account passwords and other sensitive information.
    • LastPass immediately began a coordinated approach across its threat intelligence, legal and engineering teams to get the fraudulent app removed
  • Accuracy
    • The fake app that was pretending to be password manager LastPass has been removed from the App Store
    • A separate app submitted by the same developer remains in Apple's App Store
    • LastPass alleges that the fake LastPass app is fraudulent.
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (85%)
    The article contains an example of a false dilemma fallacy. The author presents the situation as if there are only two options: either LastPass is fraudulent or it's not. However, this oversimplifies the issue and ignores other possibilities such as mistakes being made by Apple in its app vetting process.
    • The article states that “LastPass” was a fraudulent app impersonating LastPass password manager. This is an example of false dilemma fallacy.
  • Bias (85%)
    The article reports that a password manager called LassPass was booted from the App Store by Apple. The author states that this app mimicked the name and logo of real LastPass password manager. This is an example of monetization bias as it appears that the developer created a fake version of LastPass in order to profit off its popularity.
    • The article reports that a password manager called LassPass was booted from the App Store by Apple.
    • Site Conflicts Of Interest (50%)
      The author of this article has a professional affiliation with LastPass and Malwarebytes that may compromise their ability to report objectively on the topic.
      • Author Conflicts Of Interest (50%)
        Dan Goodin has a conflict of interest on the topics of App Store and password manager as he is reporting for FastCompany which is owned by Apple. He also has a personal relationship with Phil Schiller who works at Apple.

        71%

        • Unique Points
          • A fake app that was pretending to be password manager LastPass has been removed from the App Store
          • The illegitimate app was listed under an individual developer's name (Parvati Patel) and copied LastPass' branding and user interface to confuse users
          • Apple has been arguing against new regulations like the EU's Digital Markets Act (DMA), claiming they would compromise customer safety and privacy by allowing for third-party app stores and payments
        • Accuracy
          No Contradictions at Time Of Publication
        • Deception (50%)
          The article is deceptive in several ways. Firstly, the fake app was masquerading as LastPass which is a well-known and reputable password manager. The author of the article claims that it was published by a different developer than LogMeIn who owns LastPass but this information cannot be confirmed without further investigation. Secondly, the fake app had various misspellings and clues that indicated its fraudulent nature such as being listed under an individual developer's name (Parvati Patel) and copied LastPass' branding and user interface in an attempt to confuse users. Thirdly, it is unclear how large of a threat the fake app actually was as all of its App Store reviews were warnings to others that the app was fraudulent. The lack of traction indicates that the app likely saw only a handful of downloads before being pulled.
          • The illegitimate app was listed under an individual developer's name (Parvati Patel) and copied LastPass' branding and user interface in an attempt to confuse users.
          • Beyond being published by a different developer that was not LastPass owner LogMeIn, the fake app also had various misspellings and clues that indicated its fraudulent nature, LastPass said.
        • Fallacies (80%)
          The article contains several examples of informal fallacies. The author uses inflammatory rhetoric when describing the fake app as a 'bad look' for Apple and accusing it of compromising customer safety and privacy. Additionally, the author uses an appeal to authority by citing LastPass's statement on the matter without providing any evidence or context for their claims.
          • The illegitimate app was listed under an individual developer’s name (Parvati Patel) and copied LastPass’ branding and user interface in an attempt to confuse users.
        • Bias (80%)
          The article is biased towards LastPass and against the fake app that was masquerading as it on the App Store. The author uses language such as 'obviously fake' and 'deliberate attempt to confuse users', which implies a strong negative opinion of the fake app. Additionally, there are several instances where the author quotes LastPass representatives or cites their statements without providing any context or counter-arguments from other sources.
          • LastPass told TechCrunch it was in touch with Apple representatives over the matter
            • The illegitimate app was listed under an individual developer's name (Parvati Patel) and copied LastPass' branding and user interface in an attempt to confuse users. Beyond being published by a different developer that was not LastPass owner LogMeIn, the fake app also had various misspellings and clues that indicated its fraudulent nature, LastPass said.
              • The threat to consumers was coming from within the App Store itself
              • Site Conflicts Of Interest (50%)
                The author of the article has a conflict of interest with LastPass as they are owned by LogMeIn. The author also mentions that the fake app was masquerading as LastPass which could lead to confusion and potentially harm for users.
                • Author Conflicts Of Interest (50%)
                  The author has a conflict of interest on the topic of password managers as they are reporting on a fake app that masquerades as LastPass. The article does not disclose any other conflicts of interest.

                  86%

                  • Unique Points
                    • The fake version of LastPass app for Apple iPhones was discovered by LastPass.
                    • It is unclear how the phony app gained entry to Apple's App Store.
                    • Millions of people use LastPass to store encrypted copies of their account passwords and other sensitive information.
                    • The fake app misspells 'LastPass'.
                    • The fake app attempts to copy LastPass' branding and user interface.
                  • Accuracy
                    • It is unclear how the phony app gained entry to Apple's App Store.
                  • Deception (80%)
                    The article is deceptive because it does not disclose the source of its information or provide any evidence for its claims. It also uses emotional manipulation by implying that millions of people are at risk from a fake app without explaining how serious the threat is or what steps users should take to protect themselves. The author also omits important details such as why and how the phony app appeared in Apple's App Store, which raises questions about its credibility and motives.
                    • The article does not provide any details about how the phony app was removed from Apple's App Store, what steps were taken to prevent similar incidents in the future, or what impact this may have on other apps or users. This is deceptive because it leaves out important information that would help readers understand the implications and consequences of the fake app.
                    • The article claims that a fake app called “LassPass Password Manager” had appeared in Apple’s App Store without providing any links or screenshots to support this claim. This is deceptive because it leaves out important information that would help readers verify the article's accuracy and reliability.
                    • The article quotes Hiawatha Bray, a staff reporter for The Boston Globe, but does not disclose his affiliation or expertise on the topic of password security. This is deceptive because it creates an impression of impartiality and authority that may not be deserved or warranted.
                    • The article uses emotional language such as “warns”, “fraudulent”, and “trick people into entering their sensitive information” to create a sense of urgency and alarm. This is deceptive because it appeals to the emotions of readers without providing any context or perspective on the actual risks involved.
                  • Fallacies (85%)
                    The article contains an appeal to authority fallacy by stating that LastPass issued a warning about the fake app. The author also uses inflammatory rhetoric when describing the phony app as designed to trick people into entering their sensitive information and relay it to cybercriminals.
                    • LastPass issued a statement on Wednesday saying that an app called 'ClassPass Password Manager' had appeared in Apple's App Store. The author uses inflammatory rhetoric when describing the phony app as designed to trick people into entering their sensitive information and relay it to cybercriminals.
                    • The fake app misspells 'LastPass'.
                    • Millions of people use LastPass to store encrypted copies of their account passwords and other sensitive information. A statement from LastPass said that the app was probably designed to trick people into entering their sensitive information, which could then be relayed to cybercriminals.
                  • Bias (75%)
                    The article reports on a fake version of LastPass's app for Apple iPhones. The author uses the word 'fake' to describe the app and explicitly states that it is fraudulent. Additionally, the author mentions that millions of people use LastPass to store sensitive information which could be put at risk if they fall for this scam.
                    • Millions of people use LastPass to store encrypted copies of their account passwords and other sensitive information.
                      • The fake version of LastPass's app was called 'ClassPass Password Manager'
                      • Site Conflicts Of Interest (100%)
                        None Found At Time Of Publication
                      • Author Conflicts Of Interest (0%)
                        None Found At Time Of Publication

                      80%

                      • Unique Points
                        • The fake LastPass lookalike made it past Apple's gatekeepers and was listed in the iOS App Store
                        • LastPass immediately began a coordinated approach across its threat intelligence, legal and engineering teams to get the fraudulent app removed
                        • Apple has a reputation for being a relatively safe place for users to get software, with a tough app approval process standing between developers and users
                      • Accuracy
                        No Contradictions at Time Of Publication
                      • Deception (90%)
                        The article is deceptive in that it presents a fake LastPass app as if it were legitimate. The author does not disclose the source of their information and uses sensationalist language to create fear in readers.
                        • The screenshot of the fake LastPass app shows misspellings, incorrect developer name, and single rating which are all obvious signs that this is a fake app.
                      • Fallacies (85%)
                        The article contains an example of a fallacy known as 'Dichotomous Depiction'. The author presents the fake LastPass app as being completely different from the real one. However, this is not true. Both apps have similar features and functions that are commonly associated with password managers. Additionally, there is no evidence to suggest that the fake app was intentionally designed to confuse users or steal their data.
                        • The author presents the fake LastPass app as being completely different from the real one.
                      • Bias (85%)
                        The author demonstrates bias by implying that Apple's app review process is not rigorous enough and should be more secure. The author also implies that third-party app stores would lead to greater threats to user safety.
                        • Apple even updated its developer agreement and review guidelines last year to add a specific prohibition on apps that impersonate others. The design section of the app review guidelines even calls out developers who take such an approach, though it’s more concerned with laziness than maliciousness.
                          • Forcing Apple to allow third-party app stores isn’t enough
                            • LastPass says a rogue application impersonating its popular password manager made it past Apple’s gatekeepers
                              • While we’re confident that our readers know well how to spot a fake app from a real one, it’s worth reminding everyone how to avoid being tricked into downloading a fake
                              • Site Conflicts Of Interest (50%)
                                The author of the article has a conflict of interest with LastPass as they are reporting on a fake lookalike app that was made available in the Apple App Store. The author also has a personal relationship with Parvati Patel who is mentioned in the article.
                                • Author Conflicts Of Interest (50%)
                                  The author has a conflict of interest on the topic of LastPass as they are reporting on a fake lookalike app that was made available in the Apple App Store. The article does not disclose any other conflicts of interest.

                                  75%

                                  • Unique Points
                                    • The fake LastPass app on Apple's App Store has a very similar logo and color theme as the legitimate app, but with the name 'LassPass'.
                                    • LastPass alleges that the fake LastPass app is fraudulent.
                                    • Review dates show that the fake LastPass app has been live on Apple's App Store since at least Sunday.
                                    • The naming convention, iconography, and description of the fraudulent app are all heavily borrowed from LastPass. This appears to be a deliberate attempt to target LastPass users.
                                  • Accuracy
                                    No Contradictions at Time Of Publication
                                  • Deception (50%)
                                    The article is deceptive in that it reports on a fake LastPass app on Apple's App Store. The author uses the term 'LassPass' instead of 'LastPass', which creates confusion for readers and may lead them to download the wrong app. Additionally, the author does not disclose any sources or provide evidence to support their claims about the fake app.
                                    • The article reports on a fake LastPass app on Apple's App Store that is being marketed as 'LassPass'.
                                    • The author uses 'LassPass' instead of 'LastPass', which creates confusion for readers and may lead them to download the wrong app.
                                  • Fallacies (80%)
                                    The article contains an appeal to authority fallacy by stating that LastPass is raising this issue and working with Apple to get the fake app removed. The author also states that MalwareBytes blocked the fake app's domain for its users. However, there are no direct quotes from any of these sources in support of their claims.
                                    • Bias (100%)
                                      None Found At Time Of Publication
                                    • Site Conflicts Of Interest (50%)
                                      The author has a conflict of interest with MalwareBytes as they are mentioned in the article and have an affiliation with LastPass. The author also mentions their own experience using LastPass which could be seen as promoting the app.
                                      • MalwareBytes is mentioned in the article, specifically when discussing security concerns related to password management apps.
                                      • Author Conflicts Of Interest (50%)
                                        The author has a conflict of interest on the topic of password management app as they are reporting on LastPass which is a popular password management app. The article also mentions MalwareBytes which is another security software company.