

LastPass installs malware? - jaddison

From the lastpass download page, I installed the contents of https:&#x2F;&#x2F; lastpass.com &#x2F; download &#x2F; cdn &#x2F; lpmacosx.zip (de-urlized, for public safety)<p>My browsers were all hi-jacked, links taken over - lots of &#x27;searchmadeeasy.com&#x27; linking (particularly on stackoverlow.com and viewing stackoverflow.com results in google searches) and http:&#x2F;&#x2F; macsecurity-alert .com (de-urlized again), which is pretty obviously a malware phishing type site.<p>I never get caught by these sorts of things, and only downloaded lastpass on the recommendation of colleagues. Only by uninstalling lastpass were the issues addressed.<p>Anyone else seeing this with recent installs of lastpass? Infuriating that what I thought was a respectable company&#x2F;product is desperate for cash to hijack browsers.<p>Edit: do tell me if I&#x27;m wrong on anything here, please!
======
boblastpass
I can confidently say that this was not from the LastPass install -- we would
never include malware (our reputation is based on trust built up over many
years, this would shatter it).

The md5 of our download is 0290ce268f6e57b1ce26bb21748b12eb, it was last
updated on Mar 4.

It most likely came from a different source.

~~~
jaddison
I absolutely agree - a reputation is easily shattered, which is why it seems
incredulous that you guys were actually knowingly behind this.

Like I said, however - the issues disappeared upon uninstallation of the
lastpass browser extension pack for OSX, and it certainly _seemed_ to appear
on its installation.

For everyone's sake, let's all hope I was idiotic at some prior point and
somehow had a different drive-by install...

------
hanumantmk
I've been using lastpass for years, and haven't seen anything remotely
similar.

Maybe their cdn got hijacked?

~~~
jaddison
I have no idea - I've never used them before. I imagine if you've already got
it installed, it's not an issue for you.

I don't think their product is affected, just what gets installed is <nasty>.

~~~
hanumantmk
Do you mind posting the sha256sum for the zip file you downloaded? Then when
someone from lastpass comes along they could at least compare it with their
upstream.

I just downloaded:

0778d4528381917a8beaebfa3c033cc81157439fae01c082e8e7f33b51e37340 lpmacosx.zip

~~~
jaddison
Looks the same for me.

------
numberwhun
Instead of going to their download page, why not just install the extension
from ${browser_name}'s extensions functionality? That way you're not dealing
with the links on the developer's page.

~~~
jaddison
Probably wiser. However, I got looped into their on-site download funnel
through a legit invite from a colleague.

~~~
numberwhun
Bah, no need for an invite when its free to use. :) But I see how you got
there.

------
jaddison
OP here.

The only thing that I can come up with is that I happened across a malicious
page that did a drive-by install of some malware that magically disappeared
upon browser restart (which both the lastpass installer and uninstaller force
in order to get their extensions registered).

At least, that's what I'm hoping, or I've still got malware on my system!

------
rifung
I've been using it for the last few months; never seen anything like this.

------
w0und
I have been using it for the last couple of years now and have never had any
sort of issue like you are describing. Maybe the site has been injected with
something or your friends invite was malicious?

~~~
jaddison
I've verified the invite was all lastpass.com.

------
nabaraz
Do you still have the original zip file that you downloaded? Could you check
the MD5sum and post it here?

~~~
jaddison
I posted a response to a request for a sha256sum - I had the same sum as the
one posted. If providing md5sum helps further, I will.

