Moscow-based Cybersecurity Firm Claims It Found Malware in Pinduoduo App

The finding comes after Google suspended the shopping app from its Android store.

Kaspersky Lab, a cybersecurity firm based in Moscow, has identified potential malware in Pinduoduo, a Chinese shopping app developed by PDD Holdings Inc, according to a report by Bloomberg News.

This revelation comes on the heels of Google's decision to suspend the shopping app from its Android store due to security concerns.

Kaspersky Lab tested versions of the app distributed through a local Chinese app store where the likes of Huawei, Tencent, and Xiaomi have a significant presence.

Where Tech Meets Business
NANSHA, CHINA - NOVEMBER 18: David Liu, VP of Stratagy, Pinduoduo speaks with Arjun Kharpal, Senior Correspondent of CNBC during Day 2 of CNBC East Tech West at LN Garden Hotel Nansha Guangzhou on November 18, 2020 in Nansha, Guangzhou, China. Zhong Zhi/Getty Images for CNBC International

Kaspersky Lab's Findings

Kaspersky's findings claim that older app versions exploited system software to install backdoors, enabling unauthorized access to user data and information.

The security company discovered that some versions of the Pinduoduo app contain malicious code that exploits known Android vulnerabilities to elevate privileges and download and execute additional malicious modules, gaining access to users' information and files.

Igor Golovin, a security researcher at Kaspersky, told Bloomberg News in a statement that "Some versions of the Pinduoduo app contain malicious code that exploits known Android vulnerabilities to elevate privileges, download and execute additional malicious modules, some of which have infected users."

The researcher added that these malicious app versions have also been gaining access to information and files.

Google Warns Users About Pinduoduo

In a rare move, Google stopped users from downloading Pinduoduo from one of China's largest online merchants, advising them to remove it from their devices if they already had it.

Users of Google's mobile services, blocked in China, could see the warning. As of Monday, the designation and warnings were in effect in Hong Kong.

The claims that PDD's software contains harmful code have been refuted, and the company has not yet responded to requests for comment.

The finding of suspected malware in Pinduoduo may further inflame the discourse in the US concerning Chinese apps' lack of data security.

Temu, a Pinduoduo app that sells everything from clothing to kitchenware and is widely used in China, has been on Apple Inc.'s radar for the past several months.

The malicious versions of the Pinduoduo app were not found by Kaspersky, which the US listed as a company last year that posed a threat to national security; rather, Kaspersky relied on earlier work by Chinese cybersecurity specialists.

PDD competes for market share in China's e-commerce business against industry behemoths JD.com Inc. and Alibaba Group Holding Ltd.

Byline
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics