In accordance with a new report, Pinduoduo, a popular Chinese shopping app, exploited a zero-day vulnerability in the Android operating system to uplift its own privileges, rob personal data from infected endpoints, and install malicious apps.
Numerous sources validated the allegations, including cybersecurity firm Kaspersky, which examined “previous versions” of the app that were still being distributed through a Chinese app store and concluded that it exploited a flaw to install backdoors.
“Some versions of the Pinduoduo app contained malicious code, which exploited known Android vulnerabilities to escalate privileges, download and execute additional malicious modules, some of which also gained access to users’ notifications and files,” Igor Golovin, a Kaspersky security researcher, told Bloomberg.
Google and Android are both not available in China, meaning the Play Store isn’t available there, either. According to ArsTechica, the versions of Pinduoduo available on both the Play Store and the Apple Store are clean. Nonetheless, Google removed it from its app repository last week and advised users to uninstall it if they had it.
According to Bloomberg, the announcement labeled the app “harmful” and alerted users that their data and devices were at risk. PDD, the app’s devel
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: