Google suspends main Chinese shopping app Pinduoduo over malware concern

Google suspends main Chinese shopping app Pinduoduo over malware concern

Google has suspended the Play version of the Chinese shopping app Pinduoduo made by Chinese ecommerce giant PDD Holdings after discovering malware in off-Play versions of the software.

The move comes after multiple Chinese security researchers reported that Pinduoduo Android versions contained malware designed to monitor users. While Google Play Store is not available in China, malicious versions of the app were discovered on the custom app stores of some electronics companies like Samsung, Huawei, Oppo and Xiaomi, according to tech news site TechCrunch.

A Google spokesperson said that the tech giant is investigating the matter and suspended downloads of the Play Store version of Pinduoduo as a security precaution.

“Google Play Protect enforcement has been set to block installation attempts of these identified malicious apps. Users that have malicious versions of the app downloaded to their devices are warned and prompted to uninstall the app,” the Google representative said.

Shawn Chang, founder and chief executive officer of Hong Kong-based security firm HardenedVault, told Bloomberg that based on publicly available information PDD appears to have used “nday/0day exploits, targeting Android parcel serialization/deserialization to gain system privileges.”


Back to the list

Latest Posts

Kosovo man extradited to US for running BlackDB.cc criminal marketplace

Kosovo man extradited to US for running BlackDB.cc criminal marketplace

If convicted on all counts, Masurica faces up to 55 years in federal prison.
14 May 2025
Multiple actively exploited zero-days patched in Microsoft, Ivanti, and Fortinet products

Multiple actively exploited zero-days patched in Microsoft, Ivanti, and Fortinet products

Microsoft shipped patches for over 70 flaws, five of which have been flagged as actively exploited zero-day bugs.
14 May 2025
Chinese hackers exploit SAP NetWeaver in cyber campaigns targeting critical infrastructure

Chinese hackers exploit SAP NetWeaver in cyber campaigns targeting critical infrastructure

The flaw was exploited to gain access to enterprise systems globally.
14 May 2025