Pinduoduo removed from Google Play Store after cyberattack


According to security researchers at Lookout, the Pinduoduo application has been involved in a complex malware attack that enabled it to covertly commandeer millions of user devices, pilfer personal information, and deploy malicious software.

The Pinduoduo app’s harmful versions were discovered in unofficial app markets, which are commonly used by Chinese and international users who cannot access or find the official Google Play store. These malicious versions were not found on Google Play or the Apple App Store.

Lookout researchers discovered that at least two Android versions of Pinduoduo obtained from unofficial sources exploited CVE-2023-20963, a security flaw in Android that Google patched in recent updates made available to users two weeks ago.

The malicious code the application used to operate with elevated privileges then used those privileges to fetch code from a developer-designated site and execute it within a privileged environment. Researchers discovered the malware after it was reported last month by a research service named Dark Navy.

The report noted that the app included a “bundle feng shui-Android parcel serialization and deserialization [exploit] that appears to be unknown in recent years”. Subsequently, other individuals have shared evidence of the malware, including a user who gave researchers code and instructions to locate the alleged exploit.

Upon investigation, Lookout researchers identified that the application featured a capability that enabled it to be installed secretly and prevented it from being uninstalled. Furthermore, it falsely inflated the number of daily and monthly active users on Pinduoduo, uninstalled rival applications, took users’ private data, and circumvented various privacy compliance rules.

PDD Holdings, Pinduoduo’s parent company, denied the claims, stating that it “strongly reject[s] the speculation and accusation that the Pinduoduo app is malicious from an anonymous researcher”. Lookout researchers disagreed and added that a more thorough review will likely find more exploits in the app.

The sources for this piece include an article in Ars Technica.
