{"id":161100,"date":"2023-03-27T10:22:20","date_gmt":"2023-03-27T15:22:20","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2023\/03\/android-app-from-china-executed-0-day-exploit-on-millions-of-devices"},"modified":"2023-03-27T10:22:20","modified_gmt":"2023-03-27T15:22:20","slug":"android-app-from-china-executed-0-day-exploit-on-millions-of-devices","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2023\/03\/android-app-from-china-executed-0-day-exploit-on-millions-of-devices","title":{"rendered":"Android app from China executed 0-day exploit on millions of devices"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/android-app-from-china-executed-0-day-exploit-on-millions-of-devices.jpg\"><\/a><\/p>\n<p>Can you imagine if we had computer\/brain interfaces what would happen? We\u2019ll need brain firewalls and antivirus.<\/p>\n<hr>\n<p>Android apps digitally signed by China\u2019s third-biggest e-commerce company exploited a zero-day vulnerability that allowed them to surreptitiously take control of millions of end-user devices to steal personal data and install malicious apps, researchers from security firm Lookout have confirmed.<\/p>\n<p>The malicious versions of the Pinduoduo app were available in third-party markets, which users in China and elsewhere rely on because the official Google Play market is off-limits or not easy to access. No malicious versions were found in Play or Apple\u2019s App Store. Last Monday, <a href=\"https:\/\/techcrunch.com\/2023\/03\/20\/google-flags-apps-made-by-popular-chinese-e-commerce-giant-as-malware\/\">TechCrunch reported<\/a> that Pinduoduo was pulled from Play after Google discovered a malicious version of the app available elsewhere. 
TechCrunch reported the malicious apps available in third-party markets exploited several zero-days, vulnerabilities that are known or exploited before a vendor has a patch available.<\/p>\n<p><b>Sophisticated attack<\/b><\/p>\n<p>A preliminary analysis by Lookout found that at least two off-Play versions of Pinduoduo for Android exploited CVE-2023-20963, the tracking number for an Android vulnerability <a href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2023-03-01\">Google patched<\/a> in updates that became available to end users <a href=\"https:\/\/arstechnica.com\/information-technology\/2023\/03\/critical-vulnerabilities-allow-some-android-phones-to-be-hacked\/\">two weeks ago<\/a>. This privilege-escalation flaw, which was exploited prior to Google\u2019s disclosure, allowed the app to perform operations with elevated privileges. The app used these privileges to download code from a developer-designated site and run it within a privileged environment.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Can you imagine if we had computer\/brain interfaces what would happen? We\u2019ll need brain firewalls and antivirus. 
Android apps digitally signed by China\u2019s third-biggest e-commerce company exploited a zero-day vulnerability that allowed them to surreptitiously take control of millions of end-user devices to steal personal data and install malicious apps, researchers from security firm Lookout [\u2026]<\/p>\n","protected":false},"author":528,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1523,1512,47,1492],"tags":[],"class_list":["post-161100","post","type-post","status-publish","format-standard","hentry","category-computing","category-mobile-phones","category-neuroscience","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/161100","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/528"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=161100"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/161100\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=161100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=161100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=161100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}