Pinduoduo App Contains Persistent Spy Malware!

One of China’s most popular apps – Pinduoduo apparently contains a malware that monitors user activities and is difficult to remove!

Take a look at what CNN and multiple cybersecurity researchers have discovered about Pinduoduo!

 

Pinduoduo : What Is It?

Pinduoduo is actually a Chinese online retailer. Think of it as China’s Amazon. While Amazon started as an online bookstore, Pinduoduo started as an online agricultural retailer.

Since then, Pinduoduo has become one of China’s most popular online shopping platform, with its app offering its 750 million users access to cheap products in China, by offering steep discounts on group buying orders.

Despite its meteoric rise, Pinduoduo has not been without its controversies. In 2018, the company was criticised for hosting inferior and imitation products, to which it responded by taking down more than 4 million listing and shutting down 1,128 stores.

In 2019, Pinduoduo was hit by hackers who stole discount coupons worth tens of millions of Yuan. And just last month, Google suspended the Pinduoduo app after discovering that versions offered outside its Play Store contained malware.

The Off-Play versions of the e-commerce app that have been found to contain malware have been enforced on via Google Play Protect.

Read more : How To Block Facebook Ads + Pay Scammers!

 

Pinduoduo App Contains Persistent Spy Malware!

Western interest may have been initiated by Google suspending the Pinduoduo app, but cybersecurity experts had already started looking into the app, and what they discovered was very troubling.

Alert First Raised By Chinese Cybersecurity Company

I think we should start by noting that it was a Chinese cybersecurity company called Dark Navy that first raised concerns about malware in the Pinduoduo app in February 2023.

Although Dark Navy did not name Pinduoduo in its report, cybersecurity researchers knew who it was referring to and soon followed up with their own investigations and reports, confirming Dark Navy’s report.

Sophisticated Malware

Half a dozen cybersecurity teams from Asia, Europe and the United States identified sophisticated malware in the Pinduoduo app that were designed to exploit vulnerabilities in the Android operating system used by many smartphones.

The malware allows the Pinduoduo app to bypass Android security features to monitor activities in other apps, check notifications, read private messages, and even change settings. It is also difficult to remove once installed.

Mikko Hyppönen, chief research officer at WithSecure, a Finnish cybersecurity firm, said that:

We haven’t seen a mainstream app like this trying to escalate their privileges to gain access to things that they’re not supposed to gain access to. This is highly unusual, and it is pretty damning for Pinduoduo.

Read more : Can SIM Swap empty bank accounts without warning?!

Dedicated Hacking Team To Look For Vulnerabilities

Even more damning, CNN reported that a current employee revealed that Pinduoduo set up a team of about 100 engineers and product managers to look for vulnerabilities in Android smartphones, and find ways to exploit them for profit.

To avoid exposure, the source said that the company targeted users in rural areas and smaller towns, and avoided users in megacities like Beijing and Shanghai.

By collecting expansive data on those users, Pinduoduo was able to create a comprehensive portrait of their habits, interests, and preferences; while improving its machine learning models to personalise push notifications and ads.

Pinduoduo App Gained More Access Than Allowed

Three cybersecurity companies – WithSecure, Check Point Research, and Oversecured conducted independent analysis of version 6.49.0 of the Pinduoduo app that was released in late February 2023, and found code designed to achieve “privilege escalation” – a type of cyberattack that exploits vulnerabilities in the operating system to gain a higher level of access to data that it’s supposed to have.

Our team has reverse engineered that code and we can confirm that it tries to escalate rights, tries to gain access to things normal apps wouldn’t be able to do on Android phones.

The Pinduoduo app was able to continue running in the background, and prevent itself from being uninstalled. This was apparently done to boost the platform’s statistic for monthly active users.

Pinduoduo App Has Access To User Data Without Consent

Delware-based app security start-up, Oversecured, found that the Pinduoduo app had access to user data like locations, contacts, calendars, notifications, and photo albums, without their consent.

The app was also able to change system settings, and access user social media accounts and chats.

Recommended : Beware Of Telegram Screenshot Hack + Scam!

Pinduoduo App Also Snooped On Other Apps

The Pinduoduo app also had the ability to snoop on competing shopping apps, by tracking activity on other shopping apps, and gathering information from them.

Pinduoduo App Able To Secretly Receive Updates

Check Point Research found that Pinduoduo was able to push updates to the app, without first going through an app store review process to detect malicious code.

Pinduoduo App Programmers Attempted To Obscure Malicious Code

Check Point Research also found that some plug-ins used by the Pinduoduo app tried to obscure potentially malicious code by hiding them under legitimate file names, such as Google’s.

Such a technique is widely used by malware developers that inject malicious code into applications that have legitimate functionality.

Pinduoduo Targeted Android Devices

According to Sergey Toshin, founder of Oversecured, Pinduoduo’s malware specifically targeted Android operating systems used by Samsung, HUAWEI, Xiaomi and OPPO.

He also described the app as “the most dangerous malware” ever found in mainstream apps, exploiting about 50 Android system vulnerabilities. Most of these exploits targeted customised OEM code used by smartphone brands to customise their smartphone software.

I’ve never seen anything like this before. It’s like, super expansive.

Recommended : Chinese Netizens Explode Over WPS Office Censorship!

Pinduoduo Removed Exploit + Canned Hacking Team

After cybersecurity researchers started reporting about the app, Pinduoduo released version 6.50.0 on March 5, which removed the exploits they found. Two days later, Pinduoduo disbanded its Android hacking team, according to the same employee.

The hacking team members found themselves locked out of Pinduoduo’s workspace communication app, called Knock, and lost access to files on the company’s internal network, with their privileges revoked.

Most of the team was later transferred to work at Pinduoduo’s sister app, Temu. A core group of about 20 cybersecurity engineers however remain at Pinduoduo.

In addition, Sergey Toshin of Oversecured noted that while the exploits were removed in the new version of Pinduoduo, the underlying code remained and could be reactivated to carry out attacks.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Cybersecurity | MobileTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Leave a ReplyCancel reply