One of those strings is "LuciferStrategy." The English translation said that “well-known Internet manufacturers will continue to dig out new Android OEM-related vulnerabilities and implement vulnerability attacks on mainstream mobile phone systems in the current market in their publicly released apps.” The post didn’t name the company or the app, but it did say the app used a “bundle feng shui-Android parcel serialization and deserialization that seems unknown in recent years.” The post included several code snippets found in the allegedly malicious app. Suspicions about the Pinduoduo app first surfaced last month in a post (English translation here) from a research service calling itself Dark Navy. The company representatives didn’t respond to emails that asked follow-up questions and disclosed the results of Lookout’s forensic analysis. We are communicating with Google for more information.” “Google Play informed us on March 21 morning that Pinduoduo APP, among several other apps, was temporarily suspended as the current version is not compliant with Google’s Policy, but has not shared more details. “We strongly reject the speculation and accusation that the Pinduoduo app is malicious from an anonymous researcher,” they wrote in an email. While still smaller than its Chinese rivals Alibaba and JD.com, PDD Holdings, Pinduoduo’s publicly traded parent company, has become the fastest-growing e-commerce firm in that country. After Google removed Pinduoduo from Play, PDD Holdings representatives denied the claims any of its app versions were malicious. It recently was reported to have 751.3 million average monthly active users. Pinduoduo is an e-commerce app for connecting buyers and sellers. The researcher added that Lookout’s analysis was expedited and that a more thorough review will likely find more exploits in the app. Hebeisen was assisted by Lookout researchers Eugene Kolodenker and Paul Shunk.
Given the extremely intrusive nature of such sophisticated app-based malware, this is an important threat mobile users need to protect against.” “In recent years, exploits have not usually been seen in the context of mass-distributed apps. The malicious apps represent “a very sophisticated attack for an app-based malware,” Christoph Hebeisen, one of three Lookout researchers who analyzed the file, wrote in an email. The app used these privileges to download code from a developer-designated site and run it within a privileged environment. This privilege-escalation flaw, which was exploited prior to Google’s disclosure, allowed the app to perform operations with elevated privileges.

Sophisticated attack

A preliminary analysis by Lookout found that at least two off-Play versions of Pinduoduo for Android exploited CVE-2023-20963, the tracking number for an Android vulnerability Google patched in updates that became available to end users two weeks ago. TechCrunch reported the malicious apps available in third-party markets exploited several zero-days, vulnerabilities that are known or exploited before a vendor has a patch available. Last Monday, TechCrunch reported that Pinduoduo was pulled from Play after Google discovered a malicious version of the app available elsewhere. No malicious versions were found in Play or Apple’s App Store. In addition to the name of the application and the file, it found that the full path to the file and the last access to the file were available from the RecentApps key hierarchy. The malicious versions of the Pinduoduo app were available in third-party markets, which users in China and elsewhere rely on because the official Google Play market is off-limits or not easy to access. The top-level key, called RecentApps, contained links to several applications and files that were available on the system.
Android apps digitally signed by China’s third-biggest e-commerce company exploited a zero-day vulnerability that allowed them to surreptitiously take control of millions of end-user devices to steal personal data and install malicious apps, researchers from security firm Lookout have confirmed.