LassPass: The application that threatens the security of iPhones

LassPass, an app with malware, has recently sneaked into the App Store causing a great risk of data leakage.

So if you have downloaded it, or think you may have been caught by this impersonation of LastPass, we advise you to keep reading: we explain how this happened and what you can do if you have fallen for the deception.

Cybercriminals bypass the App Store filter

The case of LassPass is not an exception to the rule: although it has also happened on Android, this is not the first time that an app with malware has sneaked into the App Store. The first was a 2012 app called Find and Call which, under the innocuous appearance of a call manager, hid an app that sent your contacts' data to its developer in order to send spam.

LassPass is another of these applications with something else hidden inside, but it is especially serious because it is a password manager, where people usually store everything from email accounts to bank details, which directly puts our finances and personal data at risk.

There are four different methods that developers could have exploited to sneak malware into the App Store, although Apple did not want to explain how it happened this time:

Social engineering: the “old reliable” to sneak malware

Malicious developers can use social engineering techniques to deceive users or App Store reviewers. Behind this somewhat bombastic name hides something that we all know from our daily lives: “cheating to obtain something.”

Specifically, social engineering applied to this case could involve hiding the app's malicious behavior during the initial review, or even using psychological manipulation tactics to convince reviewers that it is a safe app and convince users to install the app.

Code obfuscation and detection evasion techniques: leaving malware well hidden

Developers can obfuscate application code to make it difficult for the App Store security systems to analyze it and detect problems. This can make it harder for reviewers to identify malicious behavior during the review process.

And here criminal inventiveness has no limits: from tinkering with an app's code so that its syntax is unusual (naming something “pwd” is not the same as naming it “passwords”), to inserting instructions that lead nowhere so that reviewers are misled and do not focus on what else may be there, fragmenting the app's code (breaking it into interrelated pieces to hide something among them), or even introducing extra complexity meant to make the reviewer dizzy.

Exploitation of vulnerabilities: less and less, but plausible

If there is a vulnerability in the App Store review process or the underlying operating system, malicious developers could exploit it so that their application goes unnoticed, or to install malicious code once the app is on users' devices. For this reason, you should always install the latest available software updates.

Post-approval updates: sneak in malware later

This happens when a developer publishes a clean app, without any malicious code, but in subsequent revisions adds some malware inside.

When developers modify the behavior of the app after it has passed the initial review, this can lead to problematic situations, as App Store reviewers may choose not to further review the changes that have been made to the app's code.

How could LassPass enter the App Store?

If we theorize a little, and given the nature of the security failure, if I had to bet on any of the methods described above, I would risk saying that it could have been a combination of two: social engineering and code obfuscation.

Given the resemblance of LassPass to a legitimate password manager, the cybercriminals may have tried to camouflage the app as a possible derivative of it, thus deceiving the human and automated reviewers of the App Store, in combination with refined code that hid the Trojan horse inside.

LassPass has been confused with LastPass

LastPass is the app that has suffered identity theft

LastPass, the victim of this spoofing, is a popular online password manager that allows users to securely store passwords and other sensitive information, such as credit card numbers, secure notes, and login data, all within an encrypted vault with a single master password.

And I think you don't have to be very smart to know why they chose this application and not another to impersonate: its high number of users and its nature, which is to hold a good part of a user's accounts for various websites and services, make it a gem for any malicious actor who wants to get hold of sensitive data.

Fortunately, LastPass detected the impersonation and reported it to Apple, and LassPass was withdrawn hours later. Although some people had already downloaded it and the damage had already been done, this action prevented more unsuspecting users from falling for the deception.
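As an added illustration (not part of the original article, and not a description of how LastPass or Apple actually spotted the app), this Python example shows the kind of lookalike-name check a brand owner could run over store listings: it normalizes each name and flags those within a small edit distance of the protected name. The sample listings, the publisher flag and the distance threshold of 2 are assumptions constructed for the example.

```python
import unicodedata

def normalize(name: str) -> str:
    """Lowercase, strip accents and drop everything that is not an ASCII letter or digit."""
    decomposed = unicodedata.normalize("NFKD", name)
    return "".join(c for c in decomposed.lower() if c.isascii() and c.isalnum())

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[rows - 1][cols - 1]

def flag_lookalikes(protected: str, listings, max_distance: int = 2):
    """Return (listing name, distance) for names close to the brand but not published by it."""
    target = normalize(protected)
    hits = []
    for name, publisher_is_brand in listings:
        if publisher_is_brand:
            continue  # the brand's own listing is not an impersonation
        tokens = name.split()
        # Also compare the first word alone, so a descriptive suffix does not hide a match.
        candidates = {normalize(name), normalize(tokens[0] if tokens else name)}
        best = min(osa_distance(target, c) for c in candidates)
        if best <= max_distance:
            hits.append((name, best))
    return sorted(hits, key=lambda h: h[1])

# Constructed sample listings: (display name, published by the brand owner?)
SAMPLE_LISTINGS = [
    ("LastPass Password Manager", True),
    ("LassPass Password Manager", False),
    ("LatsPass", False),
    ("Call Manager Pro", False),
]

if __name__ == "__main__":
    for name, dist in flag_lookalikes("LastPass", SAMPLE_LISTINGS):
        print(f"review: {name!r} (distance {dist})")
```

A hit is only a prompt for manual review of the listing and its publisher; short brand names need a lower threshold to avoid false positives.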

What happens if you have LassPass installed

The first thing to clarify: merely having LassPass installed does nothing bad, since it does not contain malware that infects the phone. The problem arises when you have opened it and used it, recording your data in it, since the program automatically sends that data to a server owned by the attacker, so you would be giving him direct access to all your accounts.

In any case, if you have LassPass installed, we advise you to delete it, but not before reviewing the passwords that you have entered in the app to change them as soon as possible, before they reach the hands of an attacker.

If you have entered your bank account details, it doesn't hurt to inform your bank so that they can audit the account and temporarily block it if they detect any suspicious or unusual movement.