21 March 2023

Google suspends main Chinese shopping app Pinduoduo over malware concern


Google suspends main Chinese shopping app Pinduoduo over malware concern

Google has suspended the Play version of the Chinese shopping app Pinduoduo made by Chinese ecommerce giant PDD Holdings after discovering malware in off-Play versions of the software.

The move comes after multiple Chinese security researchers reported that Pinduoduo Android versions contained malware designed to monitor users. While Google Play Store is not available in China, malicious versions of the app were discovered on the custom app stores of some electronics companies like Samsung, Huawei, Oppo and Xiaomi, according to tech news site TechCrunch.

A Google spokesperson said that the tech giant is investigating the matter and suspended downloads of the Play Store version of Pinduoduo as a security precaution.

“Google Play Protect enforcement has been set to block installation attempts of these identified malicious apps. Users that have malicious versions of the app downloaded to their devices are warned and prompted to uninstall the app,” the Google representative said.

Shawn Chang, founder and chief executive officer of Hong Kong-based security firm HardenedVault, told Bloomberg that based on publicly available information PDD appears to have used “nday/0day exploits, targeting Android parcel serialization/deserialization to gain system privileges.”


Back to the list

Latest Posts

Free VPN provider SuperVPN exposes 360 million user records

Free VPN provider SuperVPN exposes 360 million user records

In total, 133GB of sensitive data including user email addresses, original IP addresses, and geolocation information is said to have been exposed in the leak.
29 May 2023
Cyber security week in review: May 26, 2023

Cyber security week in review: May 26, 2023

The world in brief: New ICS malware discovered, hacktivists expose Russian hacker wanted in the US, Pegasus spyware found in Armenia and Azerbaijan, and more.
26 May 2023
Barracuda’s email gateway appliances breached via zero-day bug

Barracuda’s email gateway appliances breached via zero-day bug

The vulnerability resided in a module which initially screens the attachments of incoming emails.
25 May 2023