Pinduoduo, a Top Chinese Shopping App, Is Laced With Malware

/in


A United States Immigration and Customs Enforcement database WIRED obtained through a Freedom of Information Act request shows that the agency has been leaning on a certain type of administrative subpoena to collect data from elementary schools, abortion clinics, and other vulnerable populations. And new details about a recent supply chain attack against the VoIP software 3CX indicate that attackers—likely hackers working for the North Korean government—were targeting cryptocurrency companies in the broad assault.

We also looked at this week’s move by Italy’s data regulator, Garante per la Protezione dei Dati Personali, to temporarily stop OpenAI from incorporating Italians’ personal information into training data. In response, the company has currently stopped people in Italy from accessing its generative AI platform, ChatGPT. Meanwhile, we explored the dangerous missing security defense in the US agriculture sector and the nation’s food supply chain, and we went deep on the saga of a small US gadget blog that found troubling flaws in foreign security cameras and took on the Chinese surveillance industry to get them fixed.

In virtual private network news, the open source VPN Amnezia has been allowing users in Russia to stay one step ahead of the Kremlin’s inveterate censorship and digital control. And the Tor Project collaborated with the open source VPN maker Mullvad to create a new privacy-focused browser that incorporates the VPN of your choosing.

Plus, there’s more. Each week, we round up the security news we didn’t cover in-depth ourselves. Click the headlines to read the full stories, and stay safe out there.

The Chinese ecommerce giant Pinduoduo has more than 750 million customers a month and sells a vast array of products and groceries. But cybersecurity researchers who analyzed the company’s Android app found that it is laced with invasive malware that exploits Android vulnerabilities to take control of users’ devices—gaining access to data from other apps, changing system settings, and monitoring people’s digital activity in a number of ways. 

Current and former Pinduoduo employees told CNN that the company has a specific initiative to discover…

Source…