![]() ![]() Given that a malicious actor had the ability to produce legitimately-signed apps we advise our customers to denylist the Pinduoduo app () for their users, if they find it in their fleet. This proves that the creators of the malicious app have access to the same signing keys as the creators of the legitimate app that was available from Play. Malicious versions of Pinduoduo were signed with the same signing key as the Pinduoduo app that was distributed via Google Play until it was removed from the store. Our detailed analysis of the exploits used reveals that one of them relied on CVE-2023-20963, a vulnerability affecting essentially all current Android devices and fixed only in the March 2023 ASPL. In 2007 Colin founded his first startup,, an ecommerce site selling mobile phones and other consumer electronics. Google Play Protect enforcement has been set to block installation attempts of these identified malicious apps. We have suspended the Play version of the app for security concerns while we continue our investigation, said a Google spokesperson, according to a CNN report. It achieved about US500 million (S670 million) gross merchandise value in the US during its first five. We have no indication at this time that Pinduoduo’s iOS app is affected. The Pinduoduo app was removed from the store. Temu was the most downloaded app on Apple’s US app store for much of the past few months. Lookout Researchers have confirmed that the alleged malicious functionality exists in versions that exist outside of Google Play as well. U.S.-listed Pinduoduo (PDD) is now the third-largest e-commerce player behind Alibaba and JD.com in China. ![]() Researchers have reported that certain versions of this app contain code that can exploit the operating system of devices running the app and could prevent the user from removing the app from the device, installing additional malware in the background, removing other legitimate applications, and spying on the user. Pinduoduo, a large Chinese online retailer, recently had their app removed from both the Google Play Store and iOS App Store because of malicious activity in their app.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |