Pinduoduo App Download Play Store


Cre Wallace

Jul 10, 2024, 3:33:51 AM
to pornvidecdough

Lookout already has coverage in place for this app. Any new or existing download of a malicious version of the app will be reported. Additionally, please set the Out of date ASPL policy to have a minimum of March 2023. They can then choose whether to alert the user that the device is out of compliance or block access to enterprise resources until ASPL is updated. We strongly suggest that users keep their devices on auto update for security fixes as and when they become available. Furthermore, we advise the admins to denylist the application for both Android and iOS if they find the app in their fleet.

Pinduoduo, a large Chinese online retailer, recently had their app removed from both the Google Play Store and iOS App Store because of malicious activity in their app. Researchers have reported that certain versions of this app contain code that can exploit the operating system of devices running the app and could prevent the user from removing the app from the device, installing additional malware in the background, removing other legitimate applications, and spying on the user.




Malicious versions of Pinduoduo were signed with the same signing key as the Pinduoduo app that was distributed via Google Play until it was removed from the store. This proves that the creators of the malicious app have access to the same signing keys as the creators of the legitimate app that was available from Play. Given that a malicious actor had the ability to produce legitimately-signed apps we advise our customers to denylist the Pinduoduo app (com.xunmeng.pinduoduo) for their users, if they find it in their fleet.

A woman walks past the reception desk at the headquarters of Pinduoduo with the logo displayed in the background in Shanghai, on July 25, 2018. Google on Tuesday, March 21, 2023 has suspended the Chinese shopping app Pinduoduo on its app store after malware was discovered in versions of the app from other sources. (Chinatopix via AP)

Pinduoduo is a popular e-commerce app in China which often offers discounts if users team up to buy multiples of an item. Google warned users Tuesday to uninstall any Pinduoduo app not downloaded from its own Play Store. Downloads of Android and even iOS apps can often be found on websites that allow people to download apps without going through official app stores.

Our experts identified a stack of software functions that are completely inappropriate to and dangerous in this type of software. TEMU uses them all.

Chinese companies can only operate if their entire databases are accessible to Chinese government agencies. ( Link ) In particular, the Chinese military has been closely tied for over a decade to Chinese-based hacking against the U.S. ( Link )

We believe many U.S. legislators already think these risks are unacceptably high, with no chance of a fair reciprocal opportunity for U.S. firms to operate like this in China. (This is not a liberal vs. conservative gridlocked issue. Legislators from both sides of the aisle are engaged in these issues right now.)

8) Debugger in the house. Calls in the code include a query Debug.isDebuggerConnected(), indicating to the running app if a debugger is engaged. We believe this is intended to obstruct or obscure analysis of the app, and most likely to change app behavior if an analyst is inspecting it dynamically.

The TEMU app even reads and stores the MAC address, which is a unique and global hardcoded network identifier of a device. This is a big No No in internet security. A Distributed Denial of Service (DDOS) attack and other unwanted security probes could conceivably be launched against a disclosed MAC address.

Grizzly Research: So when all these pieces are considered, how likely do you think that this is malware/spyware? And is this a sign of intentional effort to evade App Store security scans?

This file is only available in a fully compiled form. The versions in the two apps differ but are not small with 82kB to 102kB. We cannot make more definitive statements about its content without the source code. However, we believe, given the findings about Pinduoduo 6.49.0 and the removal from both apps, the file could reveal further evidence of malware or protection mechanisms thereof.

At some point, investigative research hits a wall that it takes a subpoena to pierce. Various U.S. Government agencies have the expertise and legal authority to shine a light on this dark corner of internet stealth.

Above are the broad array of findings that support our opinion that the TEMU app is purposefully and intentionally loaded with tools to execute virulent and dangerous malware and spyware activities on user devices which have downloaded and installed the TEMU app.

However, we anticipate the main focus of that update will not be to clean their software of malware / spyware features, and make their code base transparent to security audit! We anticipate they will instead up their game, trying to cloak all of the malign code that this report was able to detect and document.

And that begs the question of what PDD is going to do with every piece of user data they are exfiltrating right now. The company has to decide whether it will choose the path of transparency and voluntary submission to App Store guidelines or U.S. government subpoenas. And how will Google and Apple, two of the largest and most influential corporations on the planet, position themselves vis-à-vis their economic interests, and their fiduciary role to protect their users.

Your behavior will be categorized and siloed. If these kinds of inducements exert an addictive pull on your brain, AI pattern recognition will guarantee you will see a lot more of them. If you are on the TEMU website, all the most persistent inducements are pointed towards getting you to install the TEMU app.

As if on cue, this article appears. Seems there are Chinese manufacturers who look for Amazon bestsellers they can knock off. Not only do they copy the products, they take the pictures and text right off the Amazon page, and it goes straight to TEMU displays. We expect TEMU to once more blame the manufacturers ( Link ).

Also, ( Link ), ( Link ) (Just two of many, all over the internet). Copyright holders can complain, but the vendor can object to the complaint. The process is stacked in favor of the vendor, and the overall track record for IP protection for U.S. entities in China is abysmal.

To be clear, it is not likely that PDD performs the order brushing. However, PDD, as well as other e-commerce platforms, surely knows there is order brushing going on. It casts a blind eye and allows it.

We do not control Shanghai Fufeitong and the majority of its equity interest is indirectly controlled by our executive officers. If any conflict arises between us and Shanghai Fufeitong and cannot be resolved in our favor, our business, financial condition, results of operations and prospects may be materially and adversely affected.

Moreover, due to our cooperation with Shanghai Fufeitong, any event that negatively affects Shanghai Fufeitong may also negatively affect the perception of our customers, merchants, regulators and other third parties on us and may further adversely and materially affect our reputation, business, results of operations and prospects.

It was reported ( Link ) that the main reason for the shareholding decrease was that Chairman Huang donated many shares to different charities. However, the article below was questioning these donations because they were unable to find any information about those charity funds, either in Chinese or in English.

Because the United States public company only discloses the information regarding management owning 1% or more [of the company], and the other shareholders only disclose the shareholding information from shareholders with 5% or more [of the company], therefore the 113 million shares [of PDD] that were donated to the charity foundation by Zheng Huang just strangely disappeared.

Our opinions are held in good faith, and we have based them upon publicly available facts and evidence collected and analyzed including our understanding of representations made by the management of the companies we analyze, all of which we set out in our research reports to support our opinions, all of which we set out herein. HOWEVER, THEY REMAIN OUR OPINIONS AND BELIEFS ONLY.

We conducted research and analysis based on public information in a manner that any person could have done if they had been interested in doing so. You can publicly access any piece of evidence cited in this report or that we relied on to write this report.

We are entitled to our opinions and to the right to express such opinions in a public forum. We believe that the publication of our opinions and the underlying facts about the public companies we research is in the public interest, and that publication is justified due to the fact that public investors and the market are connected in a common interest in the true value and share price of the public companies we research. All expressions of opinion are subject to change without notice, Grizzly Research LLC does not undertake a duty to update or supplement this report or any of the information contained herein.
