The Pinduoduo malware executed a dangerous zero-day against millions of Android devices


A new report has claimed Pinduoduo, a major Chinese shopping app, took advantage of a zero-day vulnerability in the Android operating system to elevate its own privileges, steal personal data (opens in new tab) from infected endpoints, and install malicious apps. 

The allegations were confirmed by multiple sources, including cybersecurity experts Kaspersky, which analyzed “previous versions” of the app that were still distributed through a local app store in China, and concluded that it exploited a flaw to install backdoors. 


Source link