Chinese IT giant suspected of creating malicious Android software

According to a report on March 28, 2023, Android applications signed by PDD Holdings, China's third largest e-commerce company, exploited a Zero-Day vulnerability to access the personal data of millions of mobile devices, install malware and take control of the devices. 

Malicious copies of the Pinduoduo app were distributed via third-party app shops and exploited the CVE-2023-20963 vulnerability before Google released an update to close the flaw. The Pinduoduo app is used to connect buyers and sellers, but malicious versions have been used to steal data and install malware. PDD Holdings denies any connection to the malicious versions, but Google has previously removed the software from the Play Store.  

Read more about it: here