![]() The company told CNN that it strongly rejects “the speculation and accusation that Pinduoduo app is malicious just from a generic and non-conclusive response from Google,” and said there were “several apps that have been suspended from Google Play at the same time.” Pinduoduo parent company PDD Holdings told Reuters Google has not shared details about why it suspended the app. Pinduduo has not yet responded to requests for comment. That analysis includes links to archived versions of Pinduoduo’s app released before March 5 (version 6.50 and lower), which is when Davinci1010 says a new version of the app removed the malicious code. ![]() On March 7, the newly created Github account Davinci1010 published a technical analysis claiming that until recently Pinduoduo’s source code included a “backdoor,” a hacking term used to describe code that allows an adversary to remotely and secretly connect to a compromised system at will. On March 4, 2023, e-commerce expert Liu Huafang posted on the Chinese social media network Weibo that Pinduoduo’s app was using security vulnerabilities to gain market share by stealing user data from its competitors. 3, 2023 post on BreachForums, comparing the redacted code from the DarkNavy analysis with the same function in the Pinduoduo app available for download at the time. ![]() On March 3, 2023, a denizen of the now-defunct cybercrime community BreachForums posted a thread which noted that a unique component of the malicious app code highlighted by DarkNavy also was found in the ecommerce application whose name was apparently redacted from the DarkNavy analysis: Pinduoduo.Ī Mar. “The app has problems such as inexplicable installation, privacy leakage, and inability to uninstall.” “At present, a large number of end users have complained on multiple social platforms,” reads a translated version of the DarkNavy blog post. DarkNavy did not respond to requests for clarification. ![]() In fact, the researchers took care to redact the name of the app from multiple code screenshots published in their writeup. In November 2022, Google documented these three same vulnerabilities being used together to compromise Samsung devices.ĭarkNavy likewise did not name the app they said was responsible for the attacks. ![]() The three Samsung exploits that DarkNavy says were used by the malicious app. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |