Pinduoduo removed from Google Play Store after cyberattack

According to security researchers at Lookout, Pinduoduo has been involved in a complex malware attack through its application, enabling it to covertly commandeer millions of user devices, pilfer personal information, and deploy malicious software.

The Pinduoduo app’s harmful versions were discovered in unofficial app markets, which are commonly used by Chinese and international users who cannot access or find the official Google Play store. These malicious versions were not found on Google Play or the Apple App Store.

Lookout researchers discovered that at least two Android versions of Pinduoduo obtained from unofficial sources exploited CVE-2023-20963, a security flaw in Android that Google patched in recent updates made available to users two weeks ago.

The malicious code that the application used to perform operations with elevated privileges then used those privileges to download code from a developer-designated site and execute it within a privileged environment. The malware was discovered by researchers after being reported last month by a research service named Dark Navy.

The report noted that the app included a “bundle feng shui-Android parcel serialization and deserialization [exploit] that appears to be unknown in recent years”. Subsequently, other individuals have shared evidence of the malware, including a user who gave researchers code and instructions to locate the alleged exploit.

Upon investigation, Lookout researchers found that the application included a capability that allowed it to be installed secretly and prevented it from being uninstalled. Furthermore, it falsely inflated the number of daily and monthly active users on Pinduoduo, uninstalled rival applications, took users’ private data, and circumvented various privacy compliance rules.

PDD Holdings, Pinduoduo’s parent company, denied the claims, stating that it “strongly reject[s] the speculation and accusation that the Pinduoduo app is malicious from an anonymous researcher”. Lookout researchers disagreed and added that a more thorough review will likely find more exploits in the app.

The sources for this piece include an article in ArsTechnica.
