Suspicious LastPass Domain

Published on: January 1, 2023

Redirects to a cloned page with malicious download

We detected a suspicious LastPass-related domain, lastpass[.]shop. It resolves to an unrelated, innocuous food wholesaler site, but contains complex redirects to a LastPass clone page offering a probable malicious download at lastpass[.]shop/en/.

The suspicious lastpass[.]shop is registered with Namecheap and protected by Cloudflare, whereas the legitimate lastpass[.]com site is registered with Name and hosted on Akamai.

Additionally, the download offered at lastpass[.]shop is a zip archive containing multiple files, 10x the size of the official LastPass exe download.
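The format and size mismatch described above can be checked automatically when triaging a brand-named download. The following is an added example, not code from the original post; the function names, flag labels, the 2x size threshold and the 1000-byte baseline are assumptions, and the sample archive is constructed padding.

```python
import io
import zipfile


def triage_download(data: bytes, official_size: int, max_ratio: float = 2.0) -> dict:
    """Compare a brand-named download with the vendor's known installer."""
    report = {"container": "unknown", "file_count": 1,
              "size_ratio": round(len(data) / official_size, 1), "flags": []}
    stream = io.BytesIO(data)
    if zipfile.is_zipfile(stream):
        report["container"] = "zip"
        with zipfile.ZipFile(stream) as archive:
            members = [m for m in archive.infolist() if not m.is_dir()]
        report["file_count"] = len(members)
        # The official download is a single exe, so any archive is a mismatch.
        report["flags"].append("archive-instead-of-exe")
        if len(members) > 1:
            report["flags"].append("multiple-files")
    elif data[:2] == b"MZ":  # DOS/PE header magic of a Windows executable
        report["container"] = "pe"
    else:
        report["flags"].append("unexpected-format")
    # max_ratio is an assumed threshold; the post reports a 10x difference.
    if report["size_ratio"] >= max_ratio:
        report["flags"].append("oversized")
    return report


def build_sample_zip(total_payload: int, parts: int = 3) -> bytes:
    """Constructed stand-in for the suspicious archive: zero padding only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as archive:
        for i in range(parts):
            archive.writestr(f"part{i}.bin", b"\0" * (total_payload // parts))
    return buf.getvalue()


if __name__ == "__main__":
    OFFICIAL_SIZE = 1000  # constructed baseline, not the real installer size
    print(triage_download(build_sample_zip(10 * OFFICIAL_SIZE), OFFICIAL_SIZE))
    print(triage_download(b"MZ" + b"\0" * (OFFICIAL_SIZE - 2), OFFICIAL_SIZE))
```

In practice the baseline size would come from the vendor's published installer, and a flagged file would go to sandbox analysis rather than being opened.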
