It is one of China’s most popular shopping apps, selling clothing, groceries and just about everything else under the sun to more than 750 million users a month.
But according to cybersecurity researchers, it can also bypass users’ cell phone security to monitor activities on other apps, check notifications, read private messages and change settings.
Once installed, it is nearly impossible to remove.
Toshin described Pinduoduo as “the most dangerous malware” ever found among mainstream apps.
“I’ve never seen anything like this before. It’s like, super expansive,” he said.
Earlier ⤵️
CNN » Soon after Pinduoduo’s app updated to remove backdoor exploits, most of the team working on them was moved to work on Temu, which is a top app in the US.
March 22, 2023
Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the software. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.
…
Google said it believes the exploit chain for Samsung devices belonged to a “commercial surveillance vendor,” without elaborating further. The highly technical writeup also did not name the malicious app in question.
Elsewhere » Bloomberg / Reuters
Updated » Isabel Skierka discusses the latest breed of super invasive mobile apps
Last Updated on April 8, 2023