Suspicious LastPass Domain

Redirects to a cloned page with malicious download

We detected a suspicious LastPass-related domain at lastpass[.]shop which resolves to an unrelated, innocuous food wholesaler site, but contains complex redirects to a LastPass clone page offering a probable malicious download at lastpass[.]shop/en/

The suspicious lastpass[.]shop is registered with namecheap and protected by Cloudflare, compared to the legitimate lastpass[.]com site registered with Name and hosted on Akamai.

Additionally, the download offered at lastpass[.]shop is a zip containing multiple files 10x the size of the official LastPass exe download.