The developer of the well-known password manager LastPass has warned that a fake LastPass app has appeared in the Apple App Store and may be a phishing app designed to steal user credentials. The fake app uses a similar name, similar icons and a red-themed interface, making it look very close to the brand's genuine design.
However, the name of this fake app is "LassPass", not "LastPass", and its publisher is "ParvatiPatel".
The app has only one rating and four reviews warning that it is fake, while LastPass has more than 52,000 reviews.
Since LastPass is used to store very sensitive information such as authentication secrets and credentials (username/email and password), it is likely that the application was created to act as a phishing application and steal credentials.
Squid has not tested this app, so we are not familiar with its inner workings, potential phishing processes, or any other details about its functionality.
The real LastPass alerts customers to the risk of data loss by issuing a warning on its website.
LastPass' warning reads: "We have included the URL of the fraudulent app along with a link to our legitimate app so customers can confirm they are downloading the correct LastPass app until the fraudulent app is taken down. Please be assured that LastPass is actively working to take down this app as quickly as possible and will continue to monitor for fraudulent clones of our apps and/or infringements of our intellectual property."
It is extremely rare for such an obviously fraudulent app to appear in the Apple App Store due to Apple's rigorous app review process, which ensures that software in the App Store meets high standards for privacy, security and content.
The process includes automated checks and manual reviews by Apple teams to ensure developers adhere to a detailed set of guidelines. Yet, somehow, this LastPass clone was accepted.
Additionally, when Apple discovers that an app violates its guidelines, it typically takes swift action by removing it from the App Store and banning the developer. However, at the time of publication, the fake LastPass app was still available in the Apple App Store.
The same developer has another seemingly legitimate app on the App Store, so the possibility that the developer's account was hijacked by malicious actors cannot be ruled out.
If you installed the fake LastPass app, delete it immediately and change your password on lastpass.com. Then, as a precaution, reset all passwords stored in your LastPass vault.