{"id":627324,"date":"2023-04-09T09:49:36","date_gmt":"2023-04-09T14:49:36","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/04\/09\/pinduoduo-a-top-chinese-shopping-app-is-laced-with-malware\/"},"modified":"2023-04-09T09:49:36","modified_gmt":"2023-04-09T14:49:36","slug":"pinduoduo-a-top-chinese-shopping-app-is-laced-with-malware","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/04\/09\/pinduoduo-a-top-chinese-shopping-app-is-laced-with-malware\/","title":{"rendered":"Pinduoduo, a Top Chinese Shopping App, Is Laced With Malware"},"content":{"rendered":"<div data-journey-hook=\"client-content\" data-testid=\"BodyWrapper\">\n<p><span>A United States<\/span> Immigration and Customs Enforcement database WIRED obtained through a Freedom of Information Act request <a href=\"https:\/\/www.wired.com\/story\/ice-1509-custom-summons\/\">shows that the agency has been leaning on a certain type of administrative subpoena to collect data<\/a> from elementary schools, abortion clinics, and other vulnerable populations. And <a href=\"https:\/\/www.wired.com\/story\/3cx-supply-chain-attack-north-korea-cryptocurrency-targets\/\">new details about a recent supply chain attack against the VoIP software 3CX<\/a> indicate that attackers\u2014likely hackers working for the North Korean government\u2014were targeting cryptocurrency companies in the broad assault.<\/p>\n<p>We also looked at this week\u2019s move by Italy\u2019s data regulator, Garante per la Protezione dei Dati Personali, to <a href=\"https:\/\/www.wired.com\/story\/italy-ban-chatgpt-privacy-gdpr\/\">temporarily stop OpenAI from incorporating Italians\u2019 personal information into training data<\/a>. In response, the company has currently stopped people in Italy from accessing its generative AI platform, ChatGPT. 
Meanwhile, we explored the <a href=\"https:\/\/www.wired.com\/story\/us-food-agriculture-isac-cybersecurity\/\">dangerous missing security defense in the US agriculture sector and the nation\u2019s food supply chain<\/a>, and we went deep on the <a href=\"https:\/\/www.wired.com\/story\/surveillance-china-security-camera-giant-ipvm\/\">saga of a small US gadget blog that found troubling flaws in foreign security cameras<\/a> and took on the Chinese surveillance industry to get them fixed.<\/p>\n<p>In virtual private network news, the open source <a href=\"https:\/\/www.wired.com\/story\/amnezia-vpn-russia-censorship\/\">VPN Amnezia has been allowing users in Russia to stay one step ahead of the Kremlin\u2019s inveterate censorship and digital control<\/a>. And the Tor Project collaborated with the open source VPN maker Mullvad to <a href=\"https:\/\/www.wired.com\/story\/mullvad-browser-vpn-tor-project\/\">create a new privacy-focused browser that incorporates the VPN of your choosing<\/a>.<\/p>\n<p>Plus, there\u2019s more. Each week, we round up the security news we didn\u2019t cover in-depth ourselves. Click the headlines to read the full stories, and stay safe out there.<\/p>\n<p>The Chinese ecommerce giant Pinduoduo has more than 750 million customers a month and sells a vast array of products and groceries. But cybersecurity researchers who analyzed the company\u2019s Android app found that it is laced with invasive malware that exploits Android vulnerabilities to take control of users\u2019 devices\u2014gaining access to data from other apps, changing system settings, and monitoring people\u2019s digital activity in a number of ways.\u00a0<\/p>\n<p>Current and former Pinduoduo employees told CNN that the company has a specific initiative to discover Android vulnerabilities and develop exploits. The goal is allegedly to increase sales by monitoring customers and competitors. 
CNN said there is no specific evidence that Pinduoduo gives the data it steals to Beijing, but under Chinese law that would be very possible. Google suspended the app from its Play Store in late March, but the app store is banned in China, so Android users typically download their apps from local app stores anyway. In the past, Pinduoduo has rejected \u201cthe speculation and accusation that [the] Pinduoduo app is malicious,\u201d but it did not respond to multiple CNN requests for comment on the new findings. Tech giants around the world are often criticized for their massive, even excessive data collection practices. But researchers said that Pinduoduo\u2019s app was particularly egregious.<\/p>\n<p>Law enforcement from 17 countries collaborated on the takedown this week of the widely used digital criminal marketplace Genesis, known for hawking massive quantities of stolen login credentials and access tokens. Police seized the site\u2019s infrastructure and also executed a massive campaign in multiple countries to conduct 208 property searches and arrest 119 of the site\u2019s alleged users. The FBI and Dutch National Police led the effort with support from Europol and many others. \u201cWorking across 45 of our FBI Field Offices and alongside our international partners, the Justice Department has launched an unprecedented takedown of a major criminal marketplace that enabled cybercriminals to victimize individuals, businesses, and governments around the world,\u201d US attorney general Merrick Garland said in a statement. \u201cOur seizure of Genesis Market should serve as a warning to cybercriminals who operate or use these criminal marketplaces.\u201d<\/p>\n<p>Just in time for tax day, public procurement records reviewed by Motherboard show that the US Internal Revenue Service is interested in purchasing an internet surveillance tool from Team Cymru, a company that makes digital monitoring products. The FBI and US military are already customers.
The tool gives users access to \u201cnetflow\u201d data, which reveals broad internet activity, including interactions like server communication. Without such surveillance tools, only a server\u2019s host or operator and internet service provider would have access to such data. The records also indicate that the IRS is looking to purchase access to a number of cybersecurity products for defense.<\/p>\n<p>Tesla vehicles incorporate a number of cameras, but the video they capture is supposed to be locked down so you have privacy in your own car. However, Reuters found that Tesla employees shared embarrassing and \u201chighly invasive\u201d videos and images from customers\u2019 cars on an internal company communication platform between 2019 and 2022. Some of the footage was simply of dogs or comical road signs, but it also captured an array of compromising situations, including nudity. Tesla didn\u2019t respond to detailed questions from Reuters about the findings.<\/p>\n<p>The <a href=\"https:\/\/www.wired.com\/story\/china-spy-balloon-2023\/\">Chinese spy balloon<\/a> that caused an uproar as it floated over the US early this year made multiple passes over sensitive military sites and successfully collected some electronic signals, like those from communications and weapons systems, according to three current and former officials who spoke to NBC News. The US government had said at the time that it was taking steps to block the balloon from collecting anything useful. 
The three officials added, though, that the US\u2019s countermeasures succeeded at substantially reducing the amount of information the balloon was able to collect.\u00a0<\/p>\n<\/div>\n<p><a href=\"https:\/\/www.wired.com\/story\/pinduoduo-malware-security-roundup\/\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Lily Hay Newman<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A United States Immigration and Customs Enforcement database WIRED obtained through a Freedom of Information Act request shows that the agency has been leaning on a certain type of administrative subpoena to collect data from elementary schools, abortion clinics, and other vulnerable populations. And new details about a recent supply chain attack against the VoIP<\/p>\n","protected":false},"author":1,"featured_media":627325,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[933,40221,46],"tags":[],"class_list":{"0":"post-627324","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-chinese","8":"category-pinduoduo","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/627324","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=627324"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/627324\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/
627325"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=627324"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=627324"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=627324"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}