The security incident may add fuel to already heated rhetoric in the US about data insecurity with Chinese apps. Read more: Google Halts PDD App After Finding Malware in Some Versions PDD, which has rejected claims of its app containing malicious code, didn’t respond to requests for comment on Monday. The designation and warning were still in place as of Monday in Hong Kong. That warning, visible to users with Google Mobile Services - which are unavailable in China - calls the app “harmful” and warns it can allow unauthorized access to a user’s data or device. Google last week took the rare step of halting downloads of the app from one of China’s largest online retailers, urging users to uninstall Pinduoduo if they already have it on their device. “Some versions of the Pinduoduo app contained malicious code, which exploited known Android vulnerabilities to escalate privileges, download and execute additional malicious modules, some of which also gained access to users’ notifications and files,” said Igor Golovin, a Kaspersky security researcher. Those conclusions agreed in large part with those of researchers that had posted their discoveries online in past weeks, though Bloomberg News hasn’t verified the authenticity of the earlier reports. The cybersecurity firm, which has played a role in uncovering some of the biggest cyberattacks in history, said it found evidence that earlier versions of Pinduoduo exploited system software vulnerabilities to install backdoors and gain unauthorized access to user data and notifications. Kaspersky’s findings, shared with Bloomberg News, were among the clearest explanations from an independent security team for what triggered Google’s action and malware warning last week.
0 kommentar(er)
