Pinduoduo App Malware Detailed By Cybersecurity Researchers (bloomberg.com) 4
Security researchers at Moscow-based Kaspersky Lab have identified and outlined potential malware in versions of PDD Holdings' Chinese shopping app Pinduoduo, days after Google suspended it from its Android app store. From a report: In one of the first public accountings of the malicious code, Kaspersky laid out how the app could elevate its own privileges to undermine user privacy and data security. It tested versions of the app distributed through a local app store in China, where Huawei Technologies, Tencent Holdings and Xiaomi run some of the biggest app markets. Kaspersky's findings, shared with Bloomberg News, were among the clearest explanations from an independent security team for what triggered Google's action and malware warning last week. The cybersecurity firm, which has played a role in uncovering some of the biggest cyberattacks in history, said it found evidence that earlier versions of Pinduoduo exploited system software vulnerabilities to install backdoors and gain unauthorized access to user data and notifications. Those conclusions agreed in large part with those of researchers that had posted their discoveries online in past weeks, though Bloomberg News hasn't verified the authenticity of the earlier reports.
Gah. it has a stupid name anyway (Score:3)
Chinese "Shopping" app (Score:2)
Should immediately raise red flags.
Re: (Score:1)
Great case for the Chinese courts. (Score:2)
The article claims that the malware blocks other shopping sites, which should trigger some reaction from larger competitors such as Alibaba.
Plus I'd be hesitant as a Chinese firm to start hacking my customers knowing that the CCP prefers to keep the web firmly under its thumb.