One of China’s most popular apps has the ability to spy on its users, say experts | CNN Business

The article discusses the discovery of malware in Pinduoduo's shopping app, which was able to access users' sensitive information without their consent. The malware was found by a team of cybersecurity experts, including Sergey Toshin of Oversecured, who used various methods to identify and exploit vulnerabilities in the app.

According to the article, Pinduoduo issued an update to remove the malware from its app on March 5, but the underlying code was still present, and it is likely that the company could re activate it to carry out attacks. The team that developed the malware was disbanded after their actions were discovered, with some members being transferred to other departments within the company.

The article also highlights the lack of oversight from regulatory bodies in China, particularly the Ministry of Industry and Information Technology. Despite being responsible for regulating companies like Pinduoduo, the ministry failed to detect the malware, which is embarrassing for the regulator. The cybersecurity expert quoted in the article notes that regulators often struggle to understand coding and programming concepts, making it difficult for them to effectively regulate companies.

The discovery of the malware has raised concerns about data privacy and security in China's tech industry. Cybersecurity experts are warning that more needs to be done to protect users' sensitive information from companies like Pinduoduo. The article concludes by noting that CNN has reached out to regulatory bodies for comment, but no official response has been received.

Key points:

* Malware was found in Pinduoduo's shopping app, which could access users' sensitive information without their consent.
* The malware was discovered by a team of cybersecurity experts, including Sergey Toshin of Oversecured.
* Pinduoduo issued an update to remove the malware on March 5, but the underlying code is still present.
* The company disbanded its malware development team and transferred some members to other departments.
* Regulatory bodies in China failed to detect the malware, leading to concerns about data privacy and security.
* Cybersecurity experts warn that more needs to be done to protect users' sensitive information from companies like Pinduoduo.

I'm still thinking about this Pinduoduo stuff... I mean, can you believe they had malware in their app just chillin'? And it's not even like they did anything wrong, the company just needs to be more careful with updates and stuff. But for real, how do regulatory bodies not notice these kinds of things? It sounds like they need some training or something. I mean, cybersecurity is super complex, you can't expect them to know everything about it right off the bat. And now that the malware team got busted, I'm worried they're gonna bring it back... no thanks!

omg u guys I'm literally shaking thinking about this... how did they not catch it sooner?! it's so scary to think that our personal info was being accessed without our consent and what's even more disturbing is that the regulatory bodies in China didn't do their job . i mean, it's not rocket science or anything, cybersecurity experts can actually understand code! it's just a matter of having the right people in place to monitor companies like Pinduoduo.

anyway, I'm so glad that the company took action and removed the malware but we need more than just one incident to happen before something is done about it . cybersecurity experts are warning us, we need to listen! let's keep an eye on these companies and make sure they're taking our data protection seriously

omg u guys i'm literally shaking rn! this is soooo bad lol pinduoduo's shopping app had malware that could access ppl's personal info without them even knowing and they only found out cuz a team of cybersecurity experts (i dont know how they do it ) went thru the code and exposed it. i mean, what even happens now? the company already fixed the issue but like who knows if that was really enough? its all about the data privacy and security in china right now cybersec experts are hella worried about this too and i gotta say, regulatory bodies in china need to step up their game cuz they clearly failed to do so . anywayz, lets just keep an eye on pinduoduo and hope they stay on the right track

OMG did you guys ever try those new matcha flavored Kit Kats? I mean I love green tea as much as the next person but have you tried them? They're literally so good! I was at the store last week and they were all out, like what's going on?! Did everyone just want to try the matcha Kit Kat too? Anyway, back to Pinduoduo... it's crazy that their app had malware in the first place. Like, how did they even let that happen? I guess you could say it's a good thing someone caught it and alerted them before anything bad happened. But still, it's just another reason to be paranoid about our online safety

lol what's up with these Chinese tech giants? can't even get their own malware together right seriously though, this is super sketchy. i mean, i'm no cybersecurity expert but come on, how hard is it to detect that kind of stuff? regulatory bodies gotta step up their game or are they just gonna sit back and let companies like Pinduoduo walk all over them? also, great job by the team who discovered the malware, btw . guess this means we're in for a long night of reading about more tech scandals

omg u guys cant believe this pinduoduo is literally a nightmare for their users i mean malware in the shopping app?? thats so sketchy i feel bad for all the ppl who got affected by it and its not just that the fact that the company was able to re activate the code makes me wanna scream why do companies like pinduoduo think they can just get away with this?? cybersecurity experts are telling us that more needs to be done to protect users sensitive info but like when will it happen?? the chinese regualtions need to step up their game ASAP and btw why did it take so long for them to detect the malware?? wasnt there anyone watching??

I'm shocked by this latest development in China's tech industry . I mean, who wants their sensitive info compromised just because of some company's carelessness? It's not like it was a isolated incident either - think about all the other times we've heard about major Chinese companies getting hacked or having data breaches. The problem is, these companies seem to be able to pay off regulators and get away with it without much consequence .

I know cybersecurity experts have been warning us about this for years now . You'd think that would give regulatory bodies a heads up. But nope - they still managed to miss the boat on this one. It's not just about Pinduoduo though, it's about the entire tech industry in China. If companies like them can get away with this, what hope do we have for user safety online?

The thing that really gets me is how these companies are able to keep their malware development teams together and then just move them around when they get caught . It's like they're playing a game of cybersecurity whack-a-mole - you fix one hole, they just dig another one up. We need more oversight and accountability from regulatory bodies ASAP . Anything less is just not good enough

Ugh, I'm so annoyed by this news ! I mean, come on, Pinduoduo couldn't even keep their own app safe? And it's not just them, regulatory bodies in China are supposed to be keeping an eye on these companies but they seem to be clueless too . It's like, basic security measures aren't that hard to implement! And now the public has to deal with the fallout - I'm sure a lot of users have had their sensitive info compromised already . We need better protection for our personal data, stat! The companies and regulators just can't seem to get it together . This is why we can't trust anyone online, especially not in China .

Ugh, this is just getting crazy ... I mean, you'd think a company like Pinduoduo would have better security measures in place, but nope . And the fact that regulatory bodies in China are so clueless about coding and programming concepts is just embarrassing . I'm not surprised they missed this one - it's been happening for years, and nobody's really doing anything to stop it . It's like users' personal info is just an afterthought for these companies . And what really grinds my gears is that Pinduoduo got away with this one by issuing a quick update without fixing the underlying code . That's just a Band-Aid solution, if you ask me . Anyway, I'm glad some cybersecurity experts are sounding the alarm about this - maybe it'll get people's attention and something will actually be done to improve data security in China . But until then, I'll just be over here, shaking my head ...

omg this is so worrying i mean pinduduos got caught with their pants down literally they're lucky the team of cybersecurity experts found it before it caused any major damage but honestly how did they let this happen? and it's not just them, this is a bigger issue for china's tech industry as a whole the lack of oversight from regulatory bodies is just embarrassing i mean come on, you'd think they'd be able to detect something like this without any issues but nope what needs to happen here is more transparency and stricter regulations, stat

omg u gotta feel for pinduoduo right now they got hacked so bad and it's like their whole app was open to the world lol i know they just fixed the issue but i'm still lowkey worried about my account can u imagine if all ur credit card info got leaked?? anywayz gotta give em props for updating the app ASAP they should've caught that malware tho cybersecurity experts r like the real MVPs btw

OMG, this is so not good ! I mean, think about it - a company like Pinduoduo can just sit on an update for a few days and still manage to exploit its users? That's just crazy talk ! And what's even more worrying is that the regulatory bodies in China didn't catch this until after it was already out there. Like, how do you not detect malware if you're responsible for regulating companies like Pinduoduo? It's a total fail on their part.

And let's be real, this is just the tip of the iceberg . We need to start talking about data privacy and security in China's tech industry and make sure we're not putting our personal info at risk every time we use these apps. I'm calling for more transparency and accountability from companies like Pinduoduo, and stricter regulations on regulatory bodies too ! We can't just sit back and let this happen - we need to take action !

I'm shocked by this news! It's like something straight out of a movie , where a villainous company hacks into people's personal info without them even knowing . I mean, what's going on with regulatory bodies in China? They're supposed to be watching out for these kinds of things, but apparently they can't even keep up . It's like they're stuck in the Matrix and don't know how to hack into reality . Anyway, it's super important that companies like Pinduoduo take responsibility for their actions and prioritize user security . We need more awareness about data privacy and cybersecurity, especially in China's tech industry . Maybe we can learn a thing or two from movies like "The Matrix" or "Hackers" to stay one step ahead of these malicious actors .

just found out that pinduoduo's app had some pretty gnarly malware lurking around got me thinking, how many other companies are gonna get hit with this kinda thing? and the worst part is, regulatory bodies in china are like "what just happened?" no wonder people trust them less by the day. i mean, if they can't even keep an eye on pinduoduo's app, who's next?

I'm so worried about this ! I mean, who wants their personal info compromised by a company they trust? It's crazy that the malware was able to access sensitive info without users even knowing . And it's not just Pinduoduo - it's like, what's being done to prevent this kind of thing from happening in the future? The fact that regulators failed to detect the malware is just, like, totally unacceptable . We need to hold companies and governments accountable for protecting our data!

idk how ppl think pinduoduo is safe rn, just found out they had malware in their app that could access users' sensitive info without consent ! and it's not like they just removed the malware and called it a day, the underlying code is still there, waiting to be reactivated. what's even crazier is that the company disbanded its malware dev team but still has members scattered across other departments lol. regulatory bodies in china are really struggling to keep up with the tech industry, it's embarrassing for them . we need more action taken to protect users' info from these companies. trust me, i've got connections

This is so worrying for me, I mean, how can a company as big as Pinduoduo not have any security measures in place? I'm glad the cybersecurity experts were able to identify and remove the malware before it was too late, but this just goes to show that no one is completely safe online . The fact that the company had to disband its malware team and still has a codebase out there waiting to be reactivated is just crazy . I hope more regulatory bodies in China start paying attention to cybersecurity because right now it's all about the companies, not the people .

Malware in Pinduoduo's app is a big deal . Company's code was still there after update, so reactivation is possible . Regulators need to step up their game, coding skills are needed . Users' info is at risk .

man, this is soooo concerning - I mean, a company as big as Pinduoduo getting taken down by some low-level malware is just sad . And the fact that the regulatory bodies in China didn't even catch it until some random cybersecurity experts did their thing is just wild . it's like they were just sleeping at the wheel or something .

I don't know what's more disturbing, though - the fact that Pinduoduo got away with this for so long or that there are people out there actually making and selling malware . It's like, hello, we're living in a wild west of cybersecurity right now .

anyway, it's clear that something needs to be done to keep these companies in check . I mean, users deserve way better than to have their personal info being exposed like that . I just hope the regulatory bodies in China take this as a wake-up call and start doing some real oversight .

I'm just glad that no one was seriously hurt by this or anything . still, it's gotta be really frustrating for all the users who did get affected .