The Pinduoduo app allegedly tracks users’ device activities

April 12, 2023

On March 21, Google suspended Pinduoduo, a Chinese budget e-commerce application, from the Play Store after versions of the app distributed through other online app stores were discovered to carry malware.

The suspension allowed cybersecurity experts to analyse the compromised app. They found that it could allegedly bypass security controls on mobile devices and track the activity of other installed apps. The Pinduoduo app’s malicious activities include collecting user data, accessing messages, and modifying settings.

The malicious versions of the Pinduoduo app cannot be removed once installed.

Analysis of Pinduoduo showed that its malware-infected versions could not be removed from a device once they had been installed. The app also collects users’ sensitive data and monitors other device activity without appropriate consent, which led to its eventual suspension by Google.

In separate reports, experts explained that Pinduoduo’s developers took violations of privacy and data security “to the next level”, as the app’s behaviour is harmful to people’s safety. The company behind Pinduoduo has made no new comment on the issue, although it had previously rejected any claims, speculation, and accusations that the app is malicious.

Security experts also note that it is not typical for a mainstream app like Pinduoduo to behave maliciously, including escalating its access privileges on devices to collect and monitor critical data it is not supposed to access.

Additionally, the highly unusual behaviour shown by Pinduoduo could plausibly be attributed to several scenarios, such as the app getting hacked by a threat actor, a malicious insider working for the app, the app losing its signing key, or, worst of all, the app hacking its own users.

With over 900 million users, the Pinduoduo app is China’s most mainstream and widely used budget e-commerce platform. After its recent suspension and the revelations that it was infected with malware, its users are advised to watch closely for suspicious activity from threat actors who could leverage their data for cyberattacks, including identity theft, fraud, or phishing attempts.
