Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
LastPass installs malware?
14 points by jaddison on May 7, 2015 | hide | past | favorite | 16 comments
From the lastpass download page, I installed the contents of https:// lastpass.com / download / cdn / lpmacosx.zip (de-urlized, for public safety)

My browsers were all hi-jacked, links taken over - lots of 'searchmadeeasy.com' linking (particularly on stackoverlow.com and viewing stackoverflow.com results in google searches) and http:// macsecurity-alert .com (de-urlized again), which is pretty obviously a malware phishing type site.

I never get caught by these sorts of things, and only downloaded lastpass on the recommendation of colleagues. Only by uninstalling lastpass were the issues addressed.

Anyone else seeing this with recent installs of lastpass? Infuriating that what I thought was a respectable company/product is desperate for cash to hijack browsers.

Edit: do tell me if I'm wrong on anything here, please!



I can confidently say that this was not from the LastPass install -- we would never include malware (our reputation is based on trust built up over many years, this would shatter it).

The md5 of our download is 0290ce268f6e57b1ce26bb21748b12eb, it was last updated on Mar 4.

It most likely came from a different source.


I absolutely agree - a reputation is easily shattered, which is why it seems incredulous that you guys were actually knowingly behind this.

Like I said, however - the issues disappeared upon uninstallation of the lastpass browser extension pack for OSX, and it certainly seemed to appear on its installation.

For everyone's sake, let's all hope I was idiotic at some prior point and somehow had a different drive-by install...


I've been using lastpass for years, and haven't seen anything remotely similar.

Maybe their cdn got hijacked?


I have no idea - I've never used them before. I imagine if you've already got it installed, it's not an issue for you.

I don't think their product is affected, just what gets installed is <nasty>.


Do you mind posting the sha256sum for the zip file you downloaded? Then when someone from lastpass comes along they could at least compare it with their upstream.

I just downloaded:

0778d4528381917a8beaebfa3c033cc81157439fae01c082e8e7f33b51e37340 lpmacosx.zip


Looks the same for me.


+1


Instead of going to their download page, why not just install the extension from ${browser_name}'s extensions functionality? That way you're not dealing with the links on the developer's page.


Probably wiser. However, I got looped into their on-site download funnel through a legit invite from a colleague.


Bah, no need for an invite when its free to use. :) But I see how you got there.


OP here.

The only thing that I can come up with is that I happened across a malicious page that did a drive-by install of some malware that magically disappeared upon browser restart (which both the lastpass installer and uninstaller force in order to get their extensions registered).

At least, that's what I'm hoping, or I've still got malware on my system!


I've been using it for the last few months; never seen anything like this.


I have been using it for the last couple of years now and have never had any sort of issue like you are describing. Maybe the site has been injected with something or your friends invite was malicious?


I've verified the invite was all lastpass.com.


Do you still have the original zip file that you downloaded? Could you check the MD5sum and post it here?


I posted a response to a request for a sha256sum - I had the same sum as the one posted. If providing md5sum helps further, I will.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: