{"id":51295,"date":"2023-04-02T23:01:04","date_gmt":"2023-04-02T23:01:04","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34486\/Pinduoduo-Is-Straight-Up-Malware.html"},"modified":"2023-04-02T23:01:04","modified_gmt":"2023-04-02T23:01:04","slug":"pinduoduo-is-straight-up-malware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/pinduoduo-is-straight-up-malware\/","title":{"rendered":"Pinduoduo Is Straight Up Malware"},"content":{"rendered":"<div data-uri=\"archive.cms.cnn.com\/_components\/source\/instances\/source-h_5165eb451271f648c79195b417094da0@published\" class=\"source inline-placeholder\"> <cite class=\"source__cite\"> <span class=\"source__location\" data-editable=\"location\"><\/span> <span class=\"source__text\" data-editable=\"source\">CNN<\/span> &nbsp;\u2014&nbsp; <\/cite>\n<\/div>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_064BD815-C8CD-2060-ED00-326B5F22C677@published\" data-editable=\"text\" data-component-name=\"paragraph\"> It is one of China\u2019s most popular shopping apps, selling clothing, groceries and just about everything else under the sun to more than 750 million users a month. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_3DD9EE15-AD39-F0F4-8A29-3292D0CD8290@published\" data-editable=\"text\" data-component-name=\"paragraph\"> But according to cybersecurity researchers, it can also bypass users\u2019 cell phone security to monitor activities on other apps, check notifications, read private messages and change settings. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_DC81C4A0-0E1C-F9C1-6932-3292D0D593F7@published\" data-editable=\"text\" data-component-name=\"paragraph\"> And once installed, it\u2019s tough to remove. 
<\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_60C2EF4A-AED0-D778-69F5-36D0E3442375@published\" data-editable=\"text\" data-component-name=\"paragraph\"> While many apps collect vast troves of user data, sometimes without explicit consent, experts say e-commerce giant Pinduoduo has taken violations of privacy and data security to the next level. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_C35D7D30-1E5B-0DC2-36ED-3292D0EC0245@published\" data-editable=\"text\" data-component-name=\"paragraph\"> In a detailed investigation, CNN spoke to half a dozen cybersecurity teams from Asia, Europe and the United States \u2014 as well as multiple former and current Pinduoduo employees \u2014 after receiving a tipoff. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_85A3D40D-E95C-A40B-8374-378160C58888@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Multiple experts identified the presence of malware on the Pinduoduo app that exploited vulnerabilities in Android operating systems. Company insiders said the exploits were utilized to spy on users and competitors, allegedly to boost sales. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_940D1257-A07E-E1F7-57AE-3292D10699E8@published\" data-editable=\"text\" data-component-name=\"paragraph\"> \u201cWe haven\u2019t seen a mainstream app like this trying to escalate their privileges to gain access to things that they\u2019re not supposed to gain access to,\u201d said Mikko Hypp\u00f6nen, chief research officer at WithSecure, a Finnish cybersecurity firm. 
<\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_38CE3CC9-FB3B-2206-B91C-42B42388E5AC@published\" data-editable=\"text\" data-component-name=\"paragraph\"> \u201cThis is highly unusual, and it is pretty damning for Pinduoduo.\u201d <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_500A1F56-BF61-4463-C200-42AF7F802578@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Malware, short for malicious software, refers to any software developed to steal data or interfere with computer systems and mobile devices. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_4D5447A7-0B68-86FE-66DE-28BE1AB592A6@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Evidence of sophisticated malware in the Pinduoduo app comes amid intense scrutiny of Chinese-developed apps like TikTok over concerns about data security. 
<\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_542A603B-B3C6-62C6-23F9-31E6E88D1193@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Some American lawmakers are pushing for a <a href=\"https:\/\/www.cnn.com\/2023\/03\/24\/tech\/tiktok-ban-national-security-hearing\/index.html\" target=\"_blank\" rel=\"noopener\">national ban<\/a> on the popular short-video app, whose CEO Shou Chew <a href=\"https:\/\/www.cnn.com\/2023\/03\/23\/tech\/tiktok-ceo-hearing\/index.html\" target=\"_blank\" rel=\"noopener\">was grilled<\/a> by Congress for five hours last week about its relations with the Chinese government. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_35483E00-F571-40DA-33B8-31E36275FE17@published\" data-editable=\"text\" data-component-name=\"paragraph\"> The revelations are also likely to draw more attention to Pinduoduo\u2019s international sister app, Temu, which is <a href=\"https:\/\/www.cnn.com\/2023\/02\/16\/tech\/temu-shopping-app-us-popularity-intl-hnk\/index.html\" target=\"_blank\" rel=\"noopener\">topping US download charts<\/a> and fast expanding in other Western markets. Both are owned by Nasdaq-listed PDD, a multinational company with roots in China. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_D631CFEF-824E-8814-48EF-28F76E5EB99D@published\" data-editable=\"text\" data-component-name=\"paragraph\"> While Temu has not been implicated, Pinduoduo\u2019s alleged actions risk casting a shadow over its sister app\u2019s global expansion. 
<\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_D42321DF-B416-C273-EEE7-3C5E876476D1@published\" data-editable=\"text\" data-component-name=\"paragraph\"> There is no evidence that Pinduoduo has handed data to the Chinese government. But as Beijing enjoys significant leverage over businesses under its jurisdiction, <a href=\"https:\/\/www.cnn.com\/2023\/03\/23\/media\/tiktok-ceo-congress-reliable-sources\/index.html\" target=\"_blank\" rel=\"noopener\">there are concerns<\/a> from US lawmakers that any company operating in China could be forced to cooperate with a broad range of security activities. <\/p>\n<div data-uri=\"archive.cms.cnn.com\/_components\/image\/instances\/image-2fbbe45c7f11003f7df5e70bdd6274fc@published\" class=\"image image__hide-placeholder\" data-image-variation=\"image\" data-name=\"FILE Pinduoduo market\" data-component-name=\"image\" data-observe-resizes data-breakpoints=\"{&quot;image--eq-extra-small&quot;: 115, &quot;image--eq-small&quot;: 300}\" data-original-ratio=\"0.666875\" data-original-height=\"1067\" data-original-width=\"1600\" data-url=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331164219-file-pinduoduo-market.jpg?c=original\" data-editable=\"settings\">\n<div class=\"image__container \" data-image-variation=\"image\" data-breakpoints=\"{&quot;image--eq-extra-small&quot;: 115, &quot;image--eq-small&quot;: 300, &quot;image--show-credits&quot;: 596}\"> <picture class=\"image__picture\"><source height=\"720\" width=\"1280\" media=\"(min-width: 1280px)\" srcset=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331164219-file-pinduoduo-market.jpg?c=16x9&amp;q=h_720,w_1280,c_fill\/f_webp\" type=\"image\/webp\"><source height=\"540\" width=\"960\" media=\"(min-width: 960px)\" srcset=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331164219-file-pinduoduo-market.jpg?c=16x9&amp;q=h_540,w_960,c_fill\/f_webp\" 
type=\"image\/webp\"><source height=\"270\" width=\"480\" media=\"(-webkit-min-device-pixel-ratio: 2)\" srcset=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331164219-file-pinduoduo-market.jpg?c=16x9&amp;q=h_270,w_480,c_fill\/f_webp\" type=\"image\/webp\"><img decoding=\"async\" src=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331164219-file-pinduoduo-market.jpg?c=16x9&amp;q=h_720,w_1280,c_fill\" alt=\"Pinduoduo's parent company PDD is listed on the Nasdaq in New York.\" class=\"image__dam-img image__dam-img--loading\" onload=\"this.classList.remove('image__dam-img--loading')\" height=\"1067\" width=\"1600\" loading=\"lazy\"><\/picture> <\/div>\n<\/p><\/div>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_A4C7820C-DD04-85F3-0860-3C62CC11D35A@published\" data-editable=\"text\" data-component-name=\"paragraph\"> The findings follow <a href=\"https:\/\/www.cnn.com\/2023\/03\/21\/tech\/china-google-pinduoduo-malware-app-intl-hk\/index.html\" target=\"_blank\" rel=\"noopener\">Google\u2019s suspension<\/a> of Pinduoduo from its Play Store in March, citing malware identified in versions of the app. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_BCF6CF92-8083-D56B-8FC0-32A101E7B4A0@published\" data-editable=\"text\" data-component-name=\"paragraph\"> An <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2023-03-27\/pinduoduo-app-malware-detailed-by-cybersecurity-researchers?sref=IIP4JEyu\" target=\"_blank\" rel=\"noopener\">ensuing report<\/a> from Bloomberg said a Russian cybersecurity firm had also identified potential malware in the app. 
<\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_1431D409-3B76-CB28-0A87-32D543503442@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Pinduoduo has <a href=\"https:\/\/www.cnn.com\/2023\/03\/21\/tech\/china-google-pinduoduo-malware-app-intl-hk\/index.html\" target=\"_blank\" rel=\"noopener\">previously rejected<\/a> \u201cthe speculation and accusation that Pinduoduo app is malicious.\u201d <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_7B7E6880-F5CB-CA8E-567B-31681B0B080B@published\" data-editable=\"text\" data-component-name=\"paragraph\"> CNN has contacted PDD multiple times over email and phone for comment, but has not received a response. <\/p>\n<h2 class=\"subheader\" data-editable=\"text\" data-uri=\"archive.cms.cnn.com\/_components\/subheader\/instances\/paragraph_BAE6A84A-CC3A-92E7-4244-316891504813@published\" data-component-name=\"subheader\" id=\"paragraph-bae6a84a-cc3a-92e7-4244-316891504813\"> Rise to success <\/h2>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_320F2B87-2EDA-CBCE-B127-31B668893BDB@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Pinduoduo, which boasts a user base that accounts for three quarters of China\u2019s online population and a market value three times that of eBay <a href=\"https:\/\/money.cnn.com\/quote\/quote.html?symb=EBAY&amp;source=story_quote_link\"> (EBAY)<\/a>, wasn\u2019t always an online shopping behemoth. 
<\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_02C0B85B-7C63-5190-6F9A-31F1B51C87B6@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Founded in 2015 in Shanghai by <a href=\"https:\/\/www.cnn.com\/2021\/03\/18\/tech\/pinduoduo-colin-huang-intl-hnk\/index.html\" target=\"_blank\" rel=\"noopener\">Colin Huang<\/a>, a former Google employee, the startup was fighting to establish itself in a market long dominated by e-commerce stalwarts Alibaba <a href=\"https:\/\/money.cnn.com\/quote\/quote.html?symb=BABA&amp;source=story_quote_link\"> (BABA)<\/a> and JD.com <a href=\"https:\/\/money.cnn.com\/quote\/quote.html?symb=JD&amp;source=story_quote_link\"> (JD)<\/a>. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_B09E7D50-AF8C-32D9-4F11-31F3860A9459@published\" data-editable=\"text\" data-component-name=\"paragraph\"> It succeeded by offering steep discounts on friends-and-family group buying orders and focusing on lower-income rural areas. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_68467425-C6C7-1B0D-8FAC-3201F5001DCE@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Pinduoduo posted triple digit<a href=\"https:\/\/investor.pddholdings.com\/financial-information\/quarterly-results\" target=\"_blank\" rel=\"noopener\"> growth<\/a> in monthly users until the end of 2018, the year <a href=\"https:\/\/money.cnn.com\/2018\/07\/26\/technology\/pinduoduo-ipo-china-startup\/index.html\" target=\"_blank\" rel=\"noopener\">it listed<\/a> in New York. 
By the middle of 2020, though, the increase in monthly users had slowed to around 50% and would continue to decline, according to its <a href=\"https:\/\/investor.pddholdings.com\/financial-information\/quarterly-results\" target=\"_blank\" rel=\"noopener\">earnings reports<\/a>. <\/p>\n<div data-uri=\"archive.cms.cnn.com\/_components\/image\/instances\/image-37d8eb8dc4a147a13ed60a52f3f64e9a@published\" class=\"image image__hide-placeholder\" data-image-variation=\"image\" data-name=\"Colin Huang Zheng FILE\" data-component-name=\"image\" data-observe-resizes data-breakpoints=\"{&quot;image--eq-extra-small&quot;: 115, &quot;image--eq-small&quot;: 300}\" data-original-ratio=\"0.676875\" data-original-height=\"1083\" data-original-width=\"1600\" data-url=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331160904-colin-huang-zheng-file.jpg?c=original\" data-editable=\"settings\">\n<div class=\"image__container \" data-image-variation=\"image\" data-breakpoints=\"{&quot;image--eq-extra-small&quot;: 115, &quot;image--eq-small&quot;: 300, &quot;image--show-credits&quot;: 596}\"> <picture class=\"image__picture\"><source height=\"720\" width=\"1280\" media=\"(min-width: 1280px)\" srcset=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331160904-colin-huang-zheng-file.jpg?c=16x9&amp;q=h_720,w_1280,c_fill\/f_webp\" type=\"image\/webp\"><source height=\"540\" width=\"960\" media=\"(min-width: 960px)\" srcset=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331160904-colin-huang-zheng-file.jpg?c=16x9&amp;q=h_540,w_960,c_fill\/f_webp\" type=\"image\/webp\"><source height=\"270\" width=\"480\" media=\"(-webkit-min-device-pixel-ratio: 2)\" srcset=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331160904-colin-huang-zheng-file.jpg?c=16x9&amp;q=h_270,w_480,c_fill\/f_webp\" type=\"image\/webp\"><img decoding=\"async\" 
src=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331160904-colin-huang-zheng-file.jpg?c=16x9&amp;q=h_720,w_1280,c_fill\" alt=\"Colin Huang, a former Google employee, founded Pinduoduo in 2015 in Shanghai. He stepped down as CEO in 2020 and resigned as chairman the following year.\" class=\"image__dam-img image__dam-img--loading\" onload=\"this.classList.remove('image__dam-img--loading')\" height=\"1083\" width=\"1600\" loading=\"lazy\"><\/picture> <\/div>\n<\/p><\/div>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_01FDEE77-698F-C0C8-05D9-3C6078459A1B@published\" data-editable=\"text\" data-component-name=\"paragraph\"> It was in 2020, according to a current Pinduoduo employee, that the company set up a team of about 100 engineers and product managers to dig for vulnerabilities in Android phones, develop ways to exploit them \u2014 and turn that into profit. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_BD349639-432B-29BE-1F04-320D2B92C8A5@published\" data-editable=\"text\" data-component-name=\"paragraph\"> According to the source, who requested anonymity for fear of reprisals, the company only targeted users in rural areas and smaller towns initially, while avoiding users in megacities such as Beijing and Shanghai. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_A55CF4FC-74C4-510F-D1A6-320D3155638F@published\" data-editable=\"text\" data-component-name=\"paragraph\"> \u201cThe goal was to reduce the risk of being exposed,\u201d they said. 
<\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_F1132CD8-A8CE-1BD8-5A57-320E6731EC3F@published\" data-editable=\"text\" data-component-name=\"paragraph\"> By collecting expansive data on user activities, the company was able to create a comprehensive portrait of users\u2019 habits, interests and preferences, according to the source. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_B421C599-51E6-29D6-B114-320A248058C3@published\" data-editable=\"text\" data-component-name=\"paragraph\"> This allowed it to improve its machine learning model to offer more personalized push notifications and ads, attracting users to open the app and place orders, they said. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_FE353A88-DACD-9279-F134-320A2480CBEB@published\" data-editable=\"text\" data-component-name=\"paragraph\"> The team was disbanded in early March, the source added, after questions about their activities came to light. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_EE609B40-7C34-AAA7-1308-320C14044E25@published\" data-editable=\"text\" data-component-name=\"paragraph\"> PDD didn\u2019t reply to CNN\u2019s repeated requests for comment on the team. 
<\/p>\n<h2 class=\"subheader\" data-editable=\"text\" data-uri=\"archive.cms.cnn.com\/_components\/subheader\/instances\/paragraph_0CA15B92-CD16-DE72-D533-3216F6878AC5@published\" data-component-name=\"subheader\" id=\"paragraph-0ca15b92-cd16-de72-d533-3216f6878ac5\"> What experts found<br \/>\n<\/h2>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_786606C8-0322-B4C6-C05F-30AA66E8BED5@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Approached by CNN, researchers from Tel Aviv-based cyber firm Check Point Research, Delaware-based app security startup Oversecured and Hypp\u00f6nen\u2019s WithSecure conducted independent analysis of the 6.49.0 version of the app, released on Chinese app stores in late February. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_DA61CD52-4E32-A3D6-8A8C-3CE26A17D372@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Google Play is not available in China, and Android users in the country download their apps from local stores. In March, when Google suspended Pinduoduo, it said it had found malware in off-Play versions of the app. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_E78889E7-7E21-0EC5-5197-30D603F9724C@published\" data-editable=\"text\" data-component-name=\"paragraph\"> The researchers found code designed to achieve \u201cprivilege escalation\u201d: a type of cyberattack that exploits a vulnerable operating system to gain a higher level of access to data than it\u2019s supposed to have, according to experts. 
<\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_FBC48849-E01F-D8D8-55AB-2C8C7DA15372@published\" data-editable=\"text\" data-component-name=\"paragraph\"> \u201cOur team has reverse engineered that code and we can confirm that it tries to escalate rights, tries to gain access to things normal apps wouldn\u2019t be able to do on Android phones,\u201d said Hypp\u00f6nen. <\/p>\n<div data-uri=\"archive.cms.cnn.com\/_components\/image\/instances\/image-814da52f097d50670984a940e16cf3fd@published\" class=\"image image__hide-placeholder\" data-image-variation=\"image\" data-name=\"china mobile economy\" data-component-name=\"image\" data-observe-resizes data-breakpoints=\"{&quot;image--eq-extra-small&quot;: 115, &quot;image--eq-small&quot;: 300}\" data-original-ratio=\"0.666875\" data-original-height=\"1067\" data-original-width=\"1600\" data-url=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331163417-china-mobile-economy.jpg?c=original\" data-editable=\"settings\">\n<div class=\"image__container \" data-image-variation=\"image\" data-breakpoints=\"{&quot;image--eq-extra-small&quot;: 115, &quot;image--eq-small&quot;: 300, &quot;image--show-credits&quot;: 596}\"> <picture class=\"image__picture\"><source height=\"720\" width=\"1280\" media=\"(min-width: 1280px)\" srcset=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331163417-china-mobile-economy.jpg?c=16x9&amp;q=h_720,w_1280,c_fill\/f_webp\" type=\"image\/webp\"><source height=\"540\" width=\"960\" media=\"(min-width: 960px)\" srcset=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331163417-china-mobile-economy.jpg?c=16x9&amp;q=h_540,w_960,c_fill\/f_webp\" type=\"image\/webp\"><source height=\"270\" width=\"480\" media=\"(-webkit-min-device-pixel-ratio: 2)\" srcset=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331163417-china-mobile-economy.jpg?c=16x9&amp;q=h_270,w_480,c_fill\/f_webp\" 
type=\"image\/webp\"><img decoding=\"async\" src=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331163417-china-mobile-economy.jpg?c=16x9&amp;q=h_720,w_1280,c_fill\" alt=\"In China, about three quarters of smartphone users are on the Android system.\" class=\"image__dam-img image__dam-img--loading\" onload=\"this.classList.remove('image__dam-img--loading')\" height=\"1067\" width=\"1600\" loading=\"lazy\"><\/picture> <\/div>\n<\/p><\/div>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_6A60DD97-1EF9-7058-E9A6-3C6113977558@published\" data-editable=\"text\" data-component-name=\"paragraph\"> The app was able to continue running in the background and prevent itself from being uninstalled, which allowed it to boost its monthly active user rates, Hypp\u00f6nen said. It also had the ability to spy on competitors by tracking activity on other shopping apps and getting information from them, he added. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_C9FA09C6-6C50-3FAB-92FC-323F17749D1A@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Check Point Research additionally identified ways in which the app was able to evade scrutiny. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_27177215-EA87-51BC-E3EF-323F1B817455@published\" data-editable=\"text\" data-component-name=\"paragraph\"> The app deployed a method that allowed it to push updates without an app store review process meant to detect malicious applications, the researchers said. 
<\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_F2A36D62-97C0-E33C-3195-323F1B810082@published\" data-editable=\"text\" data-component-name=\"paragraph\"> They also identified in some plug-ins the intent to obscure potentially malicious components by hiding them under legitimate file names, such as Google\u2019s. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_9ABE35D1-FFEC-8636-5B7E-323F1B829983@published\" data-editable=\"text\" data-component-name=\"paragraph\"> \u201cSuch a technique is widely used by malware developers that inject malicious code into applications that have legitimate functionality,\u201d they said. <\/p>\n<h2 class=\"subheader\" data-editable=\"text\" data-uri=\"archive.cms.cnn.com\/_components\/subheader\/instances\/paragraph_747AB83B-F638-E715-8BE5-292B2DF87531@published\" data-component-name=\"subheader\" id=\"paragraph-747ab83b-f638-e715-8be5-292b2df87531\"> Android targeted<br \/>\n<\/h2>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_63863786-23FF-6034-EA8E-32BA4ECE4BCE@published\" data-editable=\"text\" data-component-name=\"paragraph\"> In China, about three quarters of smartphone users are on the <a href=\"https:\/\/www.cnn.com\/2019\/08\/09\/tech\/huawei-harmony-os\/index.html\" target=\"_blank\" rel=\"noopener\">Android system<\/a>. Apple <a href=\"https:\/\/money.cnn.com\/quote\/quote.html?symb=AAPL&amp;source=story_quote_link\"> (AAPL)<\/a>\u2019s iPhone has 25% market share, according to Daniel Ives of Wedbush Securities. 
<\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_1221885F-4025-6B4E-5DB6-30D972A75294@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Sergey Toshin, the founder of Oversecured, said Pinduoduo\u2019s malware specifically targeted different Android-based operating systems, including those used by Samsung, Huawei, Xiaomi and Oppo. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_0314BE6C-9D25-EE37-9FAD-322CA1594498@published\" data-editable=\"text\" data-component-name=\"paragraph\"> CNN has reached out to these companies for comment. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_16F3F4CA-2318-BF5A-7A7A-322C1965B058@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Toshin described Pinduoduo as \u201cthe most dangerous malware\u201d ever found among mainstream apps. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_0F2A39C2-7469-A943-6459-36AE41F40AFB@published\" data-editable=\"text\" data-component-name=\"paragraph\"> \u201cI\u2019ve never seen anything like this before. It\u2019s like, super expansive,\u201d he said. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_2453D617-D485-1EDB-1D92-308006E9301A@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Most phone manufacturers globally customize the core Android software, the Android Open Source Project (AOSP), to add unique features and applications to their own devices. 
<\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_6C363550-CE46-2B1E-6941-314E2BB13475@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Toshin found Pinduoduo to have exploited about 50 Android system vulnerabilities. Most of the exploits were tailor made for customized parts known as the original equipment manufacturer (OEM) code, which tends to be audited less often than AOSP and is therefore more prone to vulnerabilities, he said. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_6B727520-4990-CDBF-5ED9-3C641B71E0BB@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Pinduoduo also exploited a number of AOSP vulnerabilities, including one which was flagged by Toshin to Google in February 2022. Google fixed the bug this March, he said. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_167BD27B-7F32-387E-116D-3150096FE5D0@published\" data-editable=\"text\" data-component-name=\"paragraph\"> According to Toshin, the exploits allowed Pinduoduo access to users\u2019 locations, contacts, calendars, notifications and photo albums without their consent. They were also able to change system settings and access users\u2019 social network accounts and chats, he said. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_9DF4318D-ED7B-6BA4-973B-3C45840F94CF@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Of the six teams CNN spoke to for this story, three did not conduct full examinations. But their primary reviews showed that Pinduoduo asked for a large number of permissions beyond the normal functions of a shopping app. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_42683E19-0624-4ED4-66A7-3706A8C4D4A6@published\" data-editable=\"text\" data-component-name=\"paragraph\"> They included \u201cpotentially invasive permissions\u201d such as \u201cset wallpaper\u201d and \u201cdownload without notification,\u201d said Ren\u00e9 Mayrhofer, head of the Institute of Networks and Security at the Johannes Kepler University Linz in Austria. 
<\/p>\n<div data-uri=\"archive.cms.cnn.com\/_components\/image\/instances\/image-f2da12c24b1fb1c356677380240c430a@published\" class=\"image image__hide-placeholder\" data-image-variation=\"image\" data-name=\"File china people phones\" data-component-name=\"image\" data-observe-resizes data-breakpoints=\"{&quot;image--eq-extra-small&quot;: 115, &quot;image--eq-small&quot;: 300}\" data-original-ratio=\"0.6675\" data-original-height=\"1068\" data-original-width=\"1600\" data-url=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331163401-file-china-people-phones.jpg?c=original\" data-editable=\"settings\">\n<div class=\"image__container \" data-image-variation=\"image\" data-breakpoints=\"{&quot;image--eq-extra-small&quot;: 115, &quot;image--eq-small&quot;: 300, &quot;image--show-credits&quot;: 596}\"> <picture class=\"image__picture\"><source height=\"720\" width=\"1280\" media=\"(min-width: 1280px)\" srcset=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331163401-file-china-people-phones.jpg?c=16x9&amp;q=h_720,w_1280,c_fill\/f_webp\" type=\"image\/webp\"><source height=\"540\" width=\"960\" media=\"(min-width: 960px)\" srcset=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331163401-file-china-people-phones.jpg?c=16x9&amp;q=h_540,w_960,c_fill\/f_webp\" type=\"image\/webp\"><source height=\"270\" width=\"480\" media=\"(-webkit-min-device-pixel-ratio: 2)\" srcset=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331163401-file-china-people-phones.jpg?c=16x9&amp;q=h_270,w_480,c_fill\/f_webp\" type=\"image\/webp\"><img decoding=\"async\" src=\"https:\/\/media.cnn.com\/api\/v1\/images\/stellar\/prod\/230331163401-file-china-people-phones.jpg?c=16x9&amp;q=h_720,w_1280,c_fill\" alt=\"People using their phones on the Beijing subway in July 2022.\" class=\"image__dam-img image__dam-img--loading\" onload=\"this.classList.remove('image__dam-img--loading')\" height=\"1068\" width=\"1600\" loading=\"lazy\"><\/picture> 
<\/div>\n<\/p><\/div>\n<h2 class=\"subheader\" data-editable=\"text\" data-uri=\"archive.cms.cnn.com\/_components\/subheader\/instances\/paragraph_0936F0FF-4FFA-E349-02B5-36F9AECDEF1D@published\" data-component-name=\"subheader\" id=\"paragraph-0936f0ff-4ffa-e349-02b5-36f9aecdef1d\"> Disbanding the team<br \/>\n<\/h2>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_13322D99-9562-B42A-5FC0-37707C9ACE93@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Suspicions about malware in Pinduoduo\u2019s app were first raised in late February in a <a href=\"https:\/\/mp.weixin.qq.com\/s\/P_EYQxOEupqdU0BJMRqWsw\" target=\"_blank\" rel=\"noopener\">report<\/a> by a Chinese cybersecurity firm called Dark Navy. Even though the analysis didn\u2019t directly name the shopping giant, the report spread quickly among other researchers, who did name the company. Some of the analysts followed up with <a href=\"https:\/\/github.com\/davincifans101\/pinduoduo_backdoor_detailed_report\/blob\/main\/README.md\" target=\"_blank\" rel=\"noopener\">their own reports<\/a> confirming the original findings. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_67B15C42-6019-70F6-3F75-31A825320743@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Soon after, on March 5, Pinduoduo issued a new update of its app, version 6.50.0, which removed the exploits, according to two experts who CNN spoke to. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_EF984581-4203-FE81-A961-31AB4453D0B2@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Two days after the update, Pinduoduo disbanded the team of engineers and product managers who had developed the exploits, according to the Pinduoduo source. 
<\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_76E44658-8545-4782-9955-31B2D84D6378@published\" data-editable=\"text\" data-component-name=\"paragraph\"> The next day, team members found themselves locked out of Pinduoduo\u2019s bespoke workplace communication app, Knock, and lost access to files on the company\u2019s internal network. Engineers also found their access to big data, data sheets and the log system revoked, the source said. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_5CBF1036-CA01-FD96-1A94-31AF8783F71B@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Most of the team were transferred to work at Temu. They were assigned to different departments at the subsidiary, with some working on marketing or developing push notifications, according to the source. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_73BBCC46-D683-5FE3-BD1A-31AF8783E8AB@published\" data-editable=\"text\" data-component-name=\"paragraph\"> A core group of about 20 cybersecurity engineers who specialize in finding and exploiting vulnerabilities remain at Pinduoduo, they said. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_81450FE5-D750-04E5-AEFD-32AD09CE9E98@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Toshin of Oversecured, who looked into the update, said although the exploits were removed, the underlying code was still there and could be reactivated to carry out attacks. 
<\/p>\n<h2 class=\"subheader\" data-editable=\"text\" data-uri=\"archive.cms.cnn.com\/_components\/subheader\/instances\/paragraph_B3130D31-3E5F-5FD8-03D6-32437F446E62@published\" data-component-name=\"subheader\" id=\"paragraph-b3130d31-3e5f-5fd8-03d6-32437f446e62\"> Oversight failure<br \/>\n<\/h2>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_89297F74-2FD3-5752-67B3-3156077E3237@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Pinduoduo has been able to grow its user base against a backdrop of the Chinese government\u2019s <a href=\"https:\/\/www.cnn.com\/2021\/11\/02\/tech\/china-economy-crackdown-private-companies-intl-hnk\/index.html\" target=\"_blank\" rel=\"noopener\">regulatory clampdown<\/a> on Big Tech that began in late 2020. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_2EF44862-CB03-B504-3AB5-31C5F654E56F@published\" data-editable=\"text\" data-component-name=\"paragraph\"> That year, the Ministry of Industry and Information Technology <a href=\"http:\/\/www.gov.cn\/zhengce\/zhengceku\/2020-08\/02\/content_5531975.htm\" target=\"_blank\" rel=\"noopener\">launched a sweeping crackdown<\/a> on apps that illegally collect and use personal data. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_6652B463-E00F-1E1A-7DF0-2DD3FB4F0071@published\" data-editable=\"text\" data-component-name=\"paragraph\"> In 2021, Beijing <a href=\"https:\/\/www.brookings.edu\/articles\/seven-major-changes-in-chinas-finalized-personal-information-protection-law\/\" target=\"_blank\" rel=\"noopener\">passed<\/a> its first comprehensive data privacy legislation. 
<\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_402C1870-C5D2-E6DC-CADB-3233254283F0@published\" data-editable=\"text\" data-component-name=\"paragraph\"> The <a href=\"http:\/\/www.npc.gov.cn\/npc\/c30834\/202108\/a8c4e3672c74491a80b53a172bb753fe.shtml\" target=\"_blank\" rel=\"noopener\">Personal Information Protection Law<\/a> stipulates that no party should illegally collect, process or transmit personal information. They\u2019re also banned from exploiting internet-related security vulnerabilities or engaging in actions that endanger cybersecurity. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_758E3C17-018B-C79C-9BE0-31C1C67E3971@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Pinduoduo\u2019s apparent malware would be a violation of those laws, tech policy experts say, and should have been detected by the regulator. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_40C984CC-95B1-CEB1-14F2-3ADAC0612CE6@published\" data-editable=\"text\" data-component-name=\"paragraph\"> \u201cThis would be embarrassing for the Ministry of Industry and Information Technology, because this is their job,\u201d said Kendra Schaefer, a tech policy expert at Trivium China, a consultancy. 
\u201cThey\u2019re supposed to check Pinduoduo, and the fact that they didn\u2019t find (anything) is embarrassing for the regulator.\u201d <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_C9032192-F19B-F305-9755-31CB632BA5D6@published\" data-editable=\"text\" data-component-name=\"paragraph\"> The ministry has regularly published <a href=\"https:\/\/www.miit.gov.cn\/xwdt\/gxdt\/sjdt\/art\/2020\/art_a68bc4b6aef9499f80a48417f00fc6bf.html\" target=\"_blank\" rel=\"noopener\">lists<\/a> to name and shame apps found to have undermined user privacy or other rights. It also publishes a separate <a href=\"https:\/\/www.miit.gov.cn\/xwdt\/gxdt\/sjdt\/art\/2020\/art_c1191c5b2db94b52a0f32d785e4c54bf.html\" target=\"_blank\" rel=\"noopener\">list<\/a> of apps that are removed from app stores for failing to comply with regulations. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_1132EF3D-3FF8-B359-A1E6-3C64EAAFB4BC@published\" data-editable=\"text\" data-component-name=\"paragraph\"> Pinduoduo did not appear on any of the lists. <\/p>\n
<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_F46A9293-2673-BDF9-B076-30E9BF388BBD@published\" data-editable=\"text\" data-component-name=\"paragraph\"> CNN has reached out to the Ministry of Industry and Information Technology and the Cyberspace Administration of China for comment. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_3D35276C-098B-17B3-9DDF-31D6E8BC4463@published\" data-editable=\"text\" data-component-name=\"paragraph\"> On Chinese social media, some cybersecurity experts questioned why regulators haven\u2019t taken any action. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_118F9EBB-888D-1F98-AFB8-324357930B40@published\" data-editable=\"text\" data-component-name=\"paragraph\"> \u201cProbably none of our regulators can understand coding and programming, nor do they understand technology. You can\u2019t even understand the malicious code when it\u2019s shoved right in front of your face,\u201d a cybersecurity expert with 1.8 million followers wrote last week in a viral post on Weibo, a Twitter-like platform. <\/p>\n<p class=\"paragraph inline-placeholder\" data-uri=\"archive.cms.cnn.com\/_components\/paragraph\/instances\/paragraph_339F2A40-2B59-02E4-D580-32463F67A087@published\" data-editable=\"text\" data-component-name=\"paragraph\"> The post was censored the next day. 
<\/p>\n<p class=\"footnote\" data-uri=\"archive.cms.cnn.com\/_components\/footnote\/instances\/370d0bca65f03d50f28a239884af51d2@published\" data-editable=\"text\"> CNN\u2019s Kristie Lu Stout and Sean Lyngaas contributed reporting.\n<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34486\/Pinduoduo-Is-Straight-Up-Malware.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[10453],"class_list":["post-51295","post","type-post","status-publish","format-standard","hentry","category-packet-storm","tag-headlinegovernmentprivacymalwarephonechinadata-lossspyware"]}