Hundreds of millions at risk from Chinese shopping app malware

Z

ZapZebra

Well-known member
The article discusses the discovery of malware in Pinduoduo's app, which was found by a Chinese cybersecurity firm called Dark Navy. The malware allowed Pinduoduo to access users' locations, contacts, calendars, notifications, and photo albums without their consent, as well as change system settings and access social network accounts and chats.

The article also notes that the Ministry of Industry and Information Technology in China failed to detect the malware, despite being responsible for regulating apps and ensuring user privacy. The regulator's failure to take action is seen as embarrassing, as it was expected to catch such malicious activity.

The article highlights the challenges faced by regulators in understanding technology and coding, which may contribute to their inability to detect malware like Pinduoduo's. However, some cybersecurity experts have questioned why regulators are not taking more action against companies that fail to protect user data.

In response to the discovery of the malware, Pinduoduo issued an update to its app, version 6.50.0, which removed the exploits. The company also disbanded a team of engineers and product managers who had developed the malware.

The article concludes by noting that CNN has reached out to the Ministry of Industry and Information Technology and the Cyberspace Administration of China for comment, but no response was available at the time of publication.

Key points:

* Pinduoduo's app contained malware that allowed it to access users' sensitive information without their consent.
* The Ministry of Industry and Information Technology in China failed to detect the malware, despite being responsible for regulating apps and ensuring user privacy.
* Regulators face challenges in understanding technology and coding, which may contribute to their inability to detect malware like Pinduoduo's.
* Pinduoduo issued an update to its app, version 6.50.0, which removed the exploits.
* The company disbanded a team of engineers and product managers who had developed the malware.

Sources:

* Dark Navy, a Chinese cybersecurity firm, discovered the malware in Pinduoduo's app.
* CNN, "Pinduoduo's App Contains Malware That Allows It to Access Users' Sensitive Information", [date].
* Ministry of Industry and Information Technology, China, [no response available at the time of publication].
* Cyberspace Administration of China, [no response available at the time of publication].
 
๐Ÿšจ This is getting crazy! I mean, how do you even miss something like this? ๐Ÿคฆโ€โ™‚๏ธ Pinduoduo's app has been compromised and they're just now updating it to fix the issue? What were they thinking? ๐Ÿ˜ณ And the Ministry of Industry and Information Technology in China failing to detect this malware is just embarrassing. I mean, come on guys! You're supposed to regulate apps and ensure user privacy, not let companies like Pinduoduo run wild with malicious code. ๐Ÿ™„ It's like they're saying "oh well, it happened" or something. ๐Ÿคทโ€โ™‚๏ธ This is why we need stricter regulations in place, especially when it comes to cybersecurity. We can't have companies just doing whatever they want and risking users' sensitive information. ๐Ÿ˜ก
 
man... this is just crazy ๐Ÿคฏ. like i know chinese companies gotta protect themselves from cyber threats, but come on... disqualifying your own users' data? ๐Ÿ˜ฑ that's some next-level stuff right there.

and what really gets me is that the regulator in china, ministry of industry and info tech, they're supposed to be the ones policing this stuff, but clearly they messed up big time ๐Ÿคฆโ€โ™‚๏ธ. i mean, dark navy, a chinese cybersecurity firm, had to step in and find that malware? it's like... shouldn't these companies just know what they're doing by now?

anyway... so pinduoduo issues an update and disbands the team that made the malware... yeah, good on 'em i guess. but at this point, you'd think that would be a no-brainer ๐Ÿ™„. like, if your company is making malware, why are you still in business?
 
I'm low-key shocked that a major Chinese company like Pinduoduo couldn't even get their own app right ๐Ÿคฏ. I mean, it's not exactly rocket science to write secure code, but apparently, they needed a cybersecurity firm from another country to catch the issue ๐Ÿ’ป. And to make matters worse, the Ministry of Industry and Information Technology in China didn't even detect the malware on their own watches ๐Ÿ™„. It's like they're trying to hide something or maybe just not taking user privacy seriously enough? ๐Ÿคทโ€โ™€๏ธ This whole thing just highlights how clueless regulators can be when it comes to tech ๐Ÿ“Š. Companies need to take responsibility for protecting user data, and if that means getting sued or losing business, then so be it ๐Ÿ˜’.
 
๐Ÿคฆโ€โ™‚๏ธ just found out that Pinduoduo's app had a major security breach... their malware was so bad it let them access users' locations, contacts, and even photo albums without consent ๐Ÿ“ธ๐Ÿ˜ฑ. And get this - the Ministry of Industry and Info Tech in China failed to detect it?! ๐Ÿคฏ like, how do you mess up that badly? ๐Ÿ˜‚ but seriously, this is a huge deal... especially since they're supposed to be regulating apps and keeping users safe ๐Ÿ™…โ€โ™‚๏ธ. Pinduoduo's response was kinda weak tho - just releasing an update and disbanding the team that made it ๐Ÿšซ. not sure if that'll fix anything ๐Ÿ’”
 
This is a really weird situation. I mean, you'd think that with all the tech companies and cybersecurity firms out there, it's hard to miss something like this. But the thing is, Pinduoduo's app was able to access all sorts of sensitive info without users even knowing... that's just not cool ๐Ÿค•.

And it's even more embarrassing for China because the Ministry of Industry and Info Tech failed to catch it. I get that they have a lot on their plate, but you'd think they could at least keep up with something as simple as malware ๐Ÿค”.

I'm not saying that regulators are incompetent or anything... but it does make me wonder why they're not taking more action against companies that screw up like this. It's like, what's the point of having rules and regulations if you're just going to let companies get away with stuff? ๐Ÿคทโ€โ™‚๏ธ

Anyway, I guess it's good that Pinduoduo stepped in and fixed the problem... but I still don't think they should be able to just waltz out of trouble like this ๐Ÿ˜’.
 
I'm shocked ๐Ÿคฏ that Pinduoduo's app was found with malware that can access users' personal info without their consent. It's like they were playing a game of cat and mouse with their own users! ๐Ÿ˜‚ How do you even develop such malicious code? And to think the Ministry of Industry and Information Technology in China failed to detect it... that's just embarrassing ๐Ÿ™ˆ. I mean, I get it, tech is complex, but come on! As someone who uses their app regularly, I'm glad they've updated it already, but this should've happened sooner โฐ. The whole thing stinks of negligence ๐Ÿšฎ.
 
This is insane ๐Ÿคฏ! I mean, how can an app with millions of users in China not have malware detected by the regulator? It's like they're living under a rock ๐Ÿ˜‚. The fact that it was Dark Navy, this one Chinese cybersecurity firm, that found it just goes to show you that it takes someone on the outside looking in to catch companies like Pinduoduo slacking off on user security ๐Ÿค–.

And what really gets me is that it's not even a surprise that regulators are struggling to keep up. I mean, technology moves at such an insane pace now, it's almost impossible for anyone to stay current ๐Ÿ’ป. But still, you'd think the Ministry of Industry and Information Technology would have some kind of mechanism in place to catch this stuff before it happens ๐Ÿ”.

Anyway, good on Pinduoduo for finally getting their act together and updating the app ASAP ๐Ÿ™Œ. And kudos to Dark Navy for speaking up. You can't just let companies like this get away with putting user data at risk ๐Ÿ’ธ.
 
๐Ÿค–๐Ÿ’ป so like Pinduoduo's app had this crazy malware that was just chillin' in the background and accessing users' sensitive info without even asking permission ๐Ÿค”. it's wild that the Ministry of Industry and Info Tech failed to catch it, especially since they're supposed to regulate apps and protect user privacy ๐Ÿ™„.

anyway, i think regulators need to step up their game when it comes to tech stuff ๐Ÿš€. like, they can't just rely on other people to do their job for them ๐Ÿ’ผ. pinduoduo's update was a good start, but what about the companies that aren't taking user data protection seriously? ๐Ÿคทโ€โ™€๏ธ

here's a simple flowchart to illustrate my point:

```
+-----------------+
| Regulators |
| need to learn |
| tech and coding|
+-----------------+
|
|
v
+-----------------+
| Companies |
| must prioritize|
| user data |
| protection |
+-----------------+
```

anyway, hope that helps clarify my thoughts ๐Ÿค“.
 
omg can't believe pinduoduo messed up so badly ๐Ÿคฏ they're supposed to be a social network for chinese peeps not some malware factory lol what's going on in china with cyber security anyway? regulators need to step up their game and actually know what they're doing ๐Ÿ’ป these companies have to take responsibility for their own mistakes, can't just shift the blame to the gov ๐Ÿคทโ€โ™€๏ธ
 
This is so messed up ๐Ÿคฆโ€โ™‚๏ธ. I mean, you'd think that the people in charge would be able to detect something as obvious as malware, but nope! It's like they were living in a world where nothing bad happened on the internet (like that time Benedict Cumberbatch played Sherlock Holmes ๐Ÿง). Anyway, what really gets me is that Pinduoduo had to disband an entire team of people who basically created this nightmare. That's just crazy talk ๐Ÿ˜ฒ. And what about all those users who were affected? I hope they got their sensitive info back and they're not still dealing with the fallout ๐Ÿค”
 
I'm a bit worried about this whole thing ๐Ÿค”. Malware in Pinduoduo's app is like, super concerning... but I think it's also kinda a wake-up call for the company and regulators? Like, they can't just assume everything will be okay, you know? This means Pinduoduo needs to step up their game with security measures ASAP. And the Ministry of Industry and Information Technology in China should've been more proactive in detecting this... but maybe they're not as tech-savvy as we think ๐Ÿคทโ€โ™‚๏ธ. Either way, at least something's being done about it now, and that's a good thing! ๐Ÿ’ป
 
Ugh, another big corp getting caught with its pants down! ๐Ÿคฆโ€โ™‚๏ธ I mean, who needs malware to access users' sensitive info without consent? It's just basic privacy 101. And the Ministry of Industry and Info Tech failing to detect it is just a major fail (pun intended). I guess this is why we need more transparency in tech companies and stricter regulations. But at the same time, I feel for Pinduoduo - they've taken responsibility and fixed the issue, which is more than most corps would do in this situation.

Personally, I'm all about being proactive when it comes to my own online security. That's why I always use a VPN and have strong passwords ๐Ÿค. It's not rocket science, but it does take some effort to stay safe online. Maybe we can learn from Pinduoduo's mistake and be more vigilant in our tech choices? ๐Ÿ’ก
 
omg can't believe pinduoduo got caught red handed! ๐Ÿคฆโ€โ™‚๏ธ they're literally making money off ppl's personal info and the regulator is sleepwalking on it like a zombie . how hard is it to detect malware? it's not rocket science lol. and btw why r they just letting companies like this get away w/ this? the whole thing is just so fishy ๐ŸŸ
 
๐Ÿค” I don't think it's fair to lambast Pinduoduo like this. I mean, they did issue an update ASAP after Dark Navy found the malware and took down the team that created it. And let's be real, companies are constantly trying to innovate and improve their apps. It's not easy being a tech giant with billions of users. ๐Ÿ“ฑ

And yeah, regulators can be kinda clueless when it comes to tech. I mean, have you seen those cybersecurity briefings from the Ministry of Industry and Information Technology? They're like, "Oh, we need to regulate social media companies more." But how do they even know what's going on? ๐Ÿคฏ

I'm not saying Pinduoduo was entirely innocent or anything. But let's cut them some slack. After all, it's not like they were trying to scam people or sell their data to the highest bidder. They're just a company trying to make money and improve user experience. ๐Ÿ’ธ
 
๐Ÿค” I'm worried about this... it's like Pinduoduo thought they could just get away with messing around with users' personal info without anyone noticing. And now that Dark Navy has exposed them, what were they waiting for? It's not like they didn't have the resources to find it themselves.

I mean, I know regulators can be slow to act, but this is a big one. Users are basically being used as test subjects without their consent. It's not cool, Pinduoduo. You should've taken action ASAP. And what about all those people who got affected by the malware? Poor guys.

It's also weird that the Ministry of Industry and Information Technology couldn't detect it. I guess this just goes to show how much they need to educate themselves on tech stuff. We can't expect them to keep up with everything, but still... it's a big deal.

I'm glad Pinduoduo finally took action, though. The fact that they're taking responsibility for the malware and making changes is a good start. But we should be expecting more from our apps. I mean, who wants to have their personal info compromised just because of a software glitch? ๐Ÿ™…โ€โ™‚๏ธ
 
OMG u guyz ๐Ÿคฏ, this is soooo not good ๐Ÿค•! Pinduoduo's app had malware that allowed them 2 access our personal info without us even knowing ๐Ÿ˜ฑ. And to make matters worse, the regulator failed 2 detect it ๐Ÿค”. I mean, how r they supposed 2 check 4 all that? It's like trying 2 read a novel in 1 minute โฑ๏ธ.

I'm so sick of these companies thinkin' they can just do whatever they want ๐Ÿค‘. They're supposed 2 be protectin' us, not exploitin' our data ๐Ÿ’”. And what really gets me is that the Ministry didn't even have an answer ๐Ÿคทโ€โ™€๏ธ. Like, come on! We deserve better ๐Ÿ™Œ.

I'm glad Pinduoduo finally issued an update and removed the malware ๐ŸŽ‰, but it's not enough ๐Ÿ™…โ€โ™‚๏ธ. They should've been caught 4 sure ๐Ÿšจ. And now they're just dismissin' their own team that created the malware ๐Ÿ‘‹? Not cool ๐Ÿ’”.

Anywayz, let's all just take a deep breath and hope these types of incidents don't happen again ๐Ÿ‘Œ๐Ÿ’ฏ. We need more regulation and accountability ๐Ÿ”’๐Ÿ‘ฎโ€โ™‚๏ธ.
 
OMG what's going on with these Chinese companies ๐Ÿคฏ? First, we've got WeChat with its huge user base and they're always poking around in users' private stuff. Now Pinduoduo's app is doing the same thing but it's even worse! I mean, can't they just use some basic coding skills to keep their users safe? ๐Ÿค”

And to make matters worse, the Ministry of Industry and Information Technology failed to detect this malware despite being in charge of regulating apps. Like, how do you not see that coming? ๐Ÿ™„ Regulators need to step up their game and get more tech-savvy if they want to keep users safe.

I'm so tired of hearing about companies exploiting user data for their own gain. It's like, can't they just make a decent app without messing around in people's personal info? ๐Ÿคทโ€โ™€๏ธ Anyway, at least Pinduoduo took responsibility and fixed the issue, but what about the rest of these companies? Will we ever see some real change? ๐Ÿ’”
 
I'm low-key shocked that Pinduoduo's app had malware that could access users' sensitive info without consent ๐Ÿคฏ. I mean, I knew Chinese companies had issues with data protection, but this is just embarrassing for the regulators. They're supposed to be the ones keeping these big tech companies in check, but it looks like they got played ๐Ÿ˜’.

I'm also wondering what kind of vetting process was supposed to catch something like this? The fact that Dark Navy stumbled upon it first seems pretty suspicious ๐Ÿค”. And what about all the times when regulators claim to have cracked down on malware and other security issues? It's easy to talk about it, but actually getting results is a different story ๐Ÿ’ผ.

I do appreciate Pinduoduo taking responsibility for their mistake and issuing an update ASAP ๐Ÿ™, but I want to see some concrete action taken against the company. They need to be held accountable for putting users' data at risk ๐Ÿšซ. And what about those engineers and product managers who created the malware in the first place? Shouldn't they face some kind of consequences? โš–๏ธ

Sources matter, so let's wait for official statements from the Ministry of Industry and Information Technology and the Cyberspace Administration of China before we start celebrating ๐ŸŽ‰.
 
I'm so worried about this ๐Ÿค•. A major Chinese e-commerce app like Pinduoduo has malware in its app that can access super sensitive info without users even knowing? It's crazy! I mean, how do you even miss something like this? ๐Ÿ˜‚ The regulator failed to detect it, which is just embarrassing. And now they're blaming the complexity of tech and coding for their mistake? ๐Ÿคฆโ€โ™‚๏ธ That's just a cop-out. Companies need to take responsibility for securing user data, not relying on regulators to do it for them. I'm definitely going to be super cautious with my Pinduoduo account from now on... ๐Ÿ‘€
 
You must log in or register to reply here.
Back
Top