IPHONE owners have been urged to check their devices for a fake clone app that tries to steal the passwords for all their accounts.
Apple has removed the rogue app from the App Store, but it may still be installed on people's phones.
The app is a copy of LastPass, a platform that stores passwords securely in an encrypted vault for both consumers and businesses.
The name of the fake app is 'LassPass' instead of 'LastPass' – and it is rated five stars in Apple's App Store, Bleeping Computer first reported.
However, upon closer inspection, there is only one five-star rating, while four other reviews warn it is a copycat.
Like many phishing scams, the rogue app attempted to trick iPhone users into downloading the app with an easy-to-miss spelling error.
It was also given a fake five-star review to give it the appearance of legitimacy.
Meanwhile, the real app has more than 52 thousand reviews.
If users enter their passwords into the fake app, they risk compromising their accounts.
The same developer has another app on the App Store that appears legitimate, so Bleeping Computer suggests their account may have been hijacked by malicious actors.
“We have included the URL of the fraudulent app, as well as the link to our legitimate app, so customers can verify that they are downloading the correct LastPass application for themselves until the fraudulent app is removed,” LastPass warned in a blog post before the app was removed from the App Store.
“Rest assured, LastPass is actively working to remove this application as quickly as possible and will continue to monitor for fraudulent clones of our applications and/or infringements of our intellectual property.”
When Apple becomes aware of an app that violates its guidelines, it typically acts quickly to remove the app from the App Store and ban the developer.
If you have installed the fake LastPass app, you should immediately uninstall it and change your password on lastpass.com.
To be on the safe side, you are advised to perform the arduous task of resetting all passwords stored in your LastPass Vault.
The Sun has contacted Apple for comment.
Three ways to spot a phishing app
There are three easy ways to spot a fake app in the iOS App Store or the Google Play Store.
- Spelling mistakes
- Fake reviews
- Dodgy developer
If the name and description of the app are full of spelling mistakes, it is probably a fake app and you should not install it.
Always check the reviews as well.
There are often other people who warn that an app is fake.
If there are hardly any reviews, few positive ones, or reviews that look suspicious, stay away.
Then, look up the developer and see if they have any other apps that are popular.
If the developer only has one or two apps with few reviews and lots of spelling mistakes: avoid, avoid, avoid.