For Cybersecurity, the Tricks Come More Than Once a Year

Anyone who pays attention on April Fool’s Day has learned to think twice about the information they read, the links they receive and the people who try impersonating others. The irony, though, is that while we’re hypervigilant against these harmless pranks, malicious actors are trying to play the same types of tricks on us day in and day out.

Phishing attacks, malicious links and social engineering are just a few of the tricks used by cybercriminals to obtain credentials and other valuable information. The data they steal can then be leveraged to do real harm to victims or used as part of a larger cyberattack. As technology progresses, so do these cyber scammers, who have learned to utilise AI chatbots and deep fake technology to make their attacks even more sophisticated.

Phishing attacks are one of the most common attack vectors used by cybercriminals. This technique involves sending unsolicited emails or messages that appear to be from a reputable source, such as a bank, social media platform or online retailer, saying you need to take some sort of action. The messages typically contain a link that downloads malware onto your device or directs you to a fake website that looks like the real one. Once you enter your credentials or other sensitive information, the bad actors can use it to access your accounts or steal your identity.

When encountering a suspicious message, you should always check the sender’s email address, hover over any links to verify the URL and avoid providing sensitive information until you have confirmed the sender’s identity independently from the original message.

AI chatbots, which are rapidly growing in popularity, are another tool used by cybercriminals to trick people into revealing their sensitive information. These chatbots are programmed to mimic human conversation and are often used on social media platforms and messaging apps. Along with using AI to write their initial email or message, scammers can also use chatbots to continue a conversation. They may pose as a chatbot themselves or as customer support or other assistance. Meanwhile, they can ask the chatbot to write something that persuades you to give up your credentials or other sensitive information.

When dealing with an AI chatbot or other virtual messaging service, you should always think twice about what information you’re sharing and why the sender claims they need it. If a suspicious message is telling you to click a link or call a number, it may be directing you to the scammer. It’s best practice to navigate to a website or look up a phone number yourself.

Deep fakes are a relatively new tool used by cybercriminals to deceive people. Deep fakes are videos or images that have been manipulated to appear real but are actually fake. They may be used to impersonate celebrities or athletes, or to manipulate photos of people you know. Cybercriminals can use deep fake technology to impersonate someone you may know or trust to make a social engineering scam even more believable.

Social engineering is perhaps the most insidious method used by cybercriminals to obtain your sensitive information. This technique involves using psychological manipulation to get people to reveal their credentials or other sensitive information. For example, a cybercriminal may impersonate a trusted individual or organisation and use fear or urgency to convince you to give up your personal and sensitive information.

To avoid falling victim to social engineering, you should always be cautious when dealing with anyone who asks for your information. Anytime a request seems suspicious, you should verify the identity of the person or organisation, even if it takes a little more time to do so.

Cybercriminals are constantly coming up with new and innovative ways to trick people into revealing their sensitive information. For example, some criminals may use fake job postings or online surveys to collect your information. Others may use fake websites or apps that appear legitimate but are actually designed to steal your credentials.

To protect yourself from cyberthreats, stay vigilant about the information you share online and take steps to secure your accounts. This includes using strong and unique passwords, enabling two-factor authentication whenever possible and avoiding clicking on links or downloading attachments from any unknown or suspicious source.

The post For Cybersecurity, the Tricks Come More Than Once a Year appeared first on IT Security Guru.

Only 10% of workers remember all their cyber security training

New research by CybSafe found only 10% of workers remember all their cybersecurity training. This is exposing companies to cyber risk.

1000 US and UK office workers told CybSafe about their cybersecurity training. Half of employees get regular security training courses. A quarter of respondents get none.

Cybersecurity training does not include new technologies

The survey looked at the use of technologies implemented in the last few years.

The way we collaborate and communicate has changed. Cybersecurity training has not kept up with applications like Slack and Teams. Most security training is still delivered by web-based learning management systems.

Oftentimes, important security information is getting lost in the noise. Only half of the workers interviewed paid attention to emailed content (53%). Furthermore, 20% of employees said they cannot remember or find relevant cybersecurity information.

Missed opportunities for engagement

80% say they are likely to act on security advice provided on the platforms they use daily, such as Slack and Teams. 90% of respondents thought security nudges on instant messaging platforms would be valuable.

New technologies, new risk

Slack and Teams are an afterthought. 47% have received no training for employee communication applications. Workers are more likely to share login details in tools like Slack (14%), rather than email (12%).

Dr Jason Nurse, Director of Science and Research, said: “Cybersecurity training needs to centre on people. It needs an understanding of new and emerging habits. It needs to centre on how people work. And it needs to use behavioural and data science to engage. Interventions made in a timely, convenient way have a real impact.”

“The way we communicate is changing. Cybercriminals are one step ahead,” said Oz Alashe MBE, CEO of CybSafe.

“People want to be part of the solution for their organisations. Ineffective tick-box training does not work. Cybersecurity training needs a facelift. It needs to focus on people, their habits and behaviours. The right message, at the right time, on the right platform. Data and behavioural science can help companies stay ahead of new threats.

“For too long cyber security has focused on employees working around their organisation. It’s time organisations adapt and centre around their people.”

The post Only 10% of workers remember all their cyber security training appeared first on IT Security Guru.

New API Report Shows 400% Increase in Attackers

Today Salt Security have released the findings from their latest Salt Labs State of API Security Report, Q1 2023, which found that there has been a 400% increase in unique attackers (over 4800) in the last six months. The report makes it clear that attackers are getting wise to exploiting APIs – and they’re persistent. Attackers will try time and time again until something works. Last year’s report found that API attacks increased 681% in the last 12 months.

The report also found that 80% of attacks happened over authenticated APIs, making it a widespread problem for all. Given that it is one of the easiest types of attack to execute, it is no surprise that attackers are increasingly targeting this route into an organisation.

The State of API Security Report pulls data from a combination of nearly 400 survey responses and empirical data from Salt customers across a range of industries, company sizes, and job responsibilities. This year’s report, the company’s fifth, provides the deepest insights yet, including “in the wild” API vulnerability research from Salt Labs that demonstrates how respondents’ top concerns in API security manifest in real-world scenarios.

Key findings from the report include:

  • API security has emerged as a significant business issue, not just a security problem, with 48% of survey respondents saying that API security has become a C-level discussion over the past year.
  • The top two most valued API security capabilities are to stop attacks (44%) and identify PII exposure (44%). The ability to implement shift-left practices rated the lowest (22%).
  • Vulnerabilities discovered in the wild represent a critical concern for small and large businesses alike.
  • “Zombie” APIs followed by ATO top the list of API worries. In fact, 54% of respondents said outdated or “zombie” APIs are a high concern, up from 42% in the last quarter.

Data from the report shows that organisations’ reliance on APIs continues to grow as APIs become ever more imperative to their success. Simultaneously, APIs are becoming harder to protect as attacks increase exponentially and traditional tools and processes cannot stop them. The findings from Salt Labs highlight why 2023 has been dubbed the “Year of API Security”.

The post New API Report Shows 400% Increase in Attackers appeared first on IT Security Guru.

Back and Bigger Than Ever! The Inside Man Season 5 Takes a Stab at Power Hungry Adversaries

As important as it is, cybersecurity awareness training might not seem like the most exciting thing in the world, but when it involves plots to rival your favourite network crime dramas, expertly crafted cinematography, and characters to root for? Naturally, it all feels a little bit different.  

Of course, we’re talking about the long-awaited return of KnowBe4’s network-quality video series The Inside Man. Back for its fifth season, the show, created and produced by Twist & Shout Communications (a KnowBe4 company) is now available to all diamond-level KnowBe4 subscribers.  

The Gurus were lucky enough to walk the red carpet alongside the show’s cast and crew last week at the Odeon Luxe Cinema, Leicester Square. A packed-out venue fit for an ambitious and industry-leading series that reunited some of our favourite characters.

What To Expect This Season 

Season 5 of The Inside Man has big ambitions that echo, as always, genuine real-world threats and plausible scenarios. If season 4 was a nod to 2021’s Colonial Pipeline ransomware attack, season 5 takes a stab at the more political side of cybercrime.

The season’s antagonist, Cyrus, sums the season – and his intentions – up perfectly: ‘Money? You think this is about money? It’s about power… The power to know how people are going to react before they know themselves, to mould their thoughts, to shape their behaviour… The power to choose who wins an election, wins a war.’ 

Of course, this echoes similar themes that we see in the news frequently, with cyber influence operations becoming all the more common. In fact, just last year US military and intelligence officials announced that they were stepping up efforts to defend the electoral process from foreign influence.  

Whilst the show doesn’t go that far, it does dabble in using cyber influence to show the increasingly complex nature of highly personalised attacks. This season we find Mark, AJ, Fiona, Violet and Maurice approached by the security services to help fight against a remorseless adversary deploying vast resources of hacking powers to gain influence and power. From global corporation acquisition to insider threats within hospitals and healthcare, this is definitely the most eager (and high stakes) series of The Inside Man yet.

Jim Shields, Creative Director of Twist & Shout Communications said: “In this season, we see many of these exciting plotlines finally come home to roost. Storylines for which we’ve spent two or three seasons laying the foundations. It’s powerful stuff, and the production team have excelled themselves as usual in bringing it to life. I’m unbelievably proud to be a part of this series.”

Revolutionising Cyber Awareness Training 

For many years, KnowBe4 have been reshaping cybersecurity awareness. Perhaps the most obvious example of this is their willingness to invest in something truly different and, perhaps, revolutionary within its field. It’s clear that The Inside Man is an investment, with stunning sets, high production value and a 12-episode story arc. However, it pays off; the show has real, dedicated fans. In fact, three lucky superfans were invited to the premiere, with one having written a full-blown analysis of it. There’s nothing quite like it!

“Security awareness training doesn’t have to be boring, nor should it,” says Stu Sjouwerman, CEO of KnowBe4. “‘The Inside Man’ is the most utilised training that KnowBe4 offers in the optional training category because it is highly captivating, and the production quality is more like a network-quality series than training.” 

What The Inside Man does so captivatingly is foreground the human element of cybercrime, with the adversaries not the stereotypical hooded hackers of yesteryear and our victims harrowingly human and relatable. From social engineering to passwords, to social media and deep fakes, this season of The Inside Man covers a lot of ground. Importantly, it reveals how easy it can be for an outsider to penetrate an organisation’s security controls and network. It’s awareness training that doesn’t feel like awareness training – and it’s not preachy either.

The Verdict  

Season 5 of The Inside Man is well worth a watch. Whether or not you typically ‘enjoy’ cybersecurity awareness training, you can’t help but feel drawn to the show. It’s both educational and entertaining, and that’s pretty impressive.  

Education and awareness are at the heart of everything KnowBe4 does – and The Inside Man is no different, clearly. The Inside Man forces audiences to face safe (or otherwise) cybersecurity practices in an unusual (and rather fun) way. Ultimately, this passion project, beloved within its community, is something vendors should take notice of.

You can watch the full series on The Inside Man microsite on the KnowBe4 platform if you are a diamond member.

The post Back and Bigger Than Ever! The Inside Man Season 5 Takes a Stab at Power Hungry Adversaries appeared first on IT Security Guru.

UK Sets Up Fake Booter Sites To Muddy DDoS Market

The United Kingdom’s National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services.

The warning displayed to users on one of the NCA’s fake booter sites. Image: NCA.

The NCA says all of its fake so-called “booter” or “stresser” sites — which have so far been accessed by several thousand people — have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks.

“However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators,” reads an NCA advisory on the program. “Users based in the UK will be contacted by the National Crime Agency or police and warned about engaging in cyber crime. Information relating to those based overseas is being passed to international law enforcement.”

The NCA declined to say how many phony booter sites it had set up, or for how long they have been running. The NCA says hiring or launching attacks designed to knock websites or users offline is punishable in the UK under the Computer Misuse Act 1990.

“Going forward, people who wish to use these services can’t be sure who is actually behind them, so why take the risk?” the NCA announcement continues.

The NCA campaign comes closely on the heels of an international law enforcement takedown involving four-dozen websites that made powerful DDoS attacks a point-and-click operation.

In mid-December 2022, the U.S. Department of Justice (DOJ) announced “Operation Power Off,” which seized four-dozen booter business domains responsible for more than 30 million DDoS attacks, and charged six U.S. men with computer crimes related to their alleged ownership of popular DDoS-for-hire services. In connection with that operation, the NCA also arrested an 18-year-old man suspected of running one of the sites.

According to U.S. federal prosecutors, the use of booter and stresser services to conduct attacks is punishable under both wire fraud laws and the Computer Fraud and Abuse Act (18 U.S.C. § 1030), and may result in arrest and prosecution, the seizure of computers or other electronics, as well as prison sentences and a penalty or fine.

The United Kingdom, which has been battling its fair share of domestic booter bosses, started running online ads in 2020 aimed at young people who search the Web for booter services.

As part of last year’s mass booter site takedown, the FBI and the Netherlands Police joined the NCA in announcing they are running targeted placement ads to steer those searching for booter services toward a website detailing the potential legal risks of hiring an online attack.

New Research Examines Traffers and the Business of Stolen Credentials

Today, Outpost24 released a new report revealing the underground operation of Traffers, cybercriminal organisations reshaping the business of stolen credentials.

The Rising Threat of Traffers report, compiled by Outpost24’s Threat Intelligence team, KrakenLabs, provides a deep dive into the credential theft ecosystem, and encourages organisations to evaluate their security measures against these evolving threats.

Stolen credentials are a major problem for organisations, causing nearly 50% of all data breaches. While businesses are still trying to figure out how to fix the password problem, cyber criminals are organising, and innovating. The increased professionalization of cyber criminal groups, specifically the rise of Traffers, is the latest threat against businesses.

Traffers are highly organized cybercriminal groups. They spread different types of malware families with the goal of exfiltrating credentials or profit. To spread the malware as far and wide as possible, they have formed an industry-like structure of product and service providers, as well as dedicated marketplaces, in the form of Telegram channels, to facilitate the sale of those credentials.

To increase their success rate, Traffers target their would-be victims by driving their internet traffic with Google and Facebook Ads to fraudulent content. Traffers have developed a business model that involves specific recruitment, training, and compensation, all of which distinguish them from other cybercriminals.

The price spike of information-stealing malware, the subscription models for accessing stolen credentials, and even the earnings of the Traffers themselves, are just some of the highlights in the report that demonstrate the increased activity and demand in the cybercriminal ecosystem.

Victor Acin, Head of KrakenLabs at Outpost24, said: “credentials, and the tools used to steal them, are a commodity. With the growing trend of Initial Access Brokers (IABs) we know that criminal groups are willing to pay for services, which means they expect a bigger profit in return – that’s bad news for businesses.”

As the underground economy evolves, current security measures may fall behind. Organisations need to consider the Traffers attack chain to stay protected against the latest threats. The Rising Threat of Traffers report provides practical advice that can protect credentials and help businesses avoid the kind of malware infections that Traffers teams spread.

Outpost24’s KrakenLabs will continue to monitor these groups as part of their cyber threat intelligence solution, helping organizations improve their cyber security posture with real-time threat detection and faster remediation.

To read more about the report, please visit here. Last year, we reported that in the first half of the year, stolen credentials were involved in nearly half of data breaches.

The post New Research Examines Traffers and the Business of Stolen Credentials appeared first on IT Security Guru.

How to Succeed As a New Chief Information Security Officer (CISO)


As cyber threats increase in frequency and complexity, organizations recognize the importance of having a Chief Information Security Officer (CISO) to protect their sensitive data and infrastructure. To succeed as a new CISO, it’s essential to clearly understand the organization’s security landscape, establish strong relationships with key stakeholders, and develop a comprehensive cybersecurity strategy that aligns with the organization’s business objectives. This guide will explore the key steps and strategies that new CISOs can take to build a successful cybersecurity program and effectively manage cyber risks.

Commit to Learning and Participation

As a CISO, you probably have an endless to-do list of vital chores that can keep you preoccupied. For this reason, you may be cut off from your coworkers and superiors, limiting your exposure to strategic and operational information shared through informal channels such as one-on-ones, small group brainstorming sessions, and, yes, even boring meetings. Stay in touch with your mentor(s) as you make this shift. Having a clear idea of your challenges and working with a coach can help you through your first 90 days as CISO and make the adjustment smoother. Participate in the discussion to better understand the company’s goals, potential, and threats.

Create Connections

Building productive relationships with employees and other divisions is crucial to your success as a chief information security officer. Coordinate early on with the major players by setting up a meeting schedule. Determine which divisions you will work with, such as legal, audit, risk, marketing, and sales. As a result, you will be better able to establish connections that facilitate the rollout of cybersecurity awareness campaigns and related policies. The CISO needs to work in tandem with other executives.

Analyze the Department

Examine how effective your present team is. Think about their experience, quirks, and how they’d fit in with the team dynamic. Examine the current staffing setup, discuss how positions’ responsibilities might be realigned or increased to meet your security objectives, and outline how this would benefit team members’ long-term professional development.

Great leaders don’t just delegate responsibility; they also name their successors. Choose a reliable second in command within the first month. It’s not crucial to assign a specific individual to this role right away, but knowing whether the necessary skills are already present and need to be nurtured is critical. Who could step in to do your job if something went wrong? Consider who you already have on staff who may be groomed for the position or who you would need to hire from the outside.

Evaluate Your Tools

Your security approach will only be as good as the tools you employ, which is why good tools are so crucial. Think about your organization’s security stack tools and why they were acquired. Determine how many resources each SOC team member needs to perform their duties, and be sure to properly document any complaints they may have. Consider how many of your security suite’s components are creaking with old age. Old tools often do more harm than good. Think about the business case for upgrading or replacing outdated software with cutting-edge security features specifically designed to meet the demands of your company.

The duties and obligations of a CISO demand certain expertise, and the position itself demands much more. Meeting legal standards, assisting with company operations, and making business choices linked to IT security are just some of the activities and responsibilities a CISO may take on, depending on the industry or the organization’s size. Years of technical experience, team management skills, strong leadership abilities, and in-depth knowledge of industry-related compliance standards and laws are just a few attributes needed to become a CISO and succeed.

The post How to Succeed As a New Chief Information Security Officer (CISO) appeared first on IT Security Guru.

Synopsys discover new vulnerability in Pluck Content Management System

Software security company Synopsys have discovered a new remote code execution (RCE) vulnerability in Pluck CMS. Pluck is a content management system (CMS) implemented in PHP designed for setting up and managing your own website. Devised with ease of use and simplicity in mind, Pluck is best suited for running a small website.

Pluck CMS features an “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the user to upload JPEG, PNG, and GIF filetypes, which undergo a normalization process before being available on the site.

However, not all is as it seems within the system. As a result of a lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell.

This leaves Pluck users – and the ecosystems they use the CMS to develop – vulnerable to attacks. A threat actor may choose to navigate to the uploaded file directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. However, once these are acquired (which is entirely within a capable threat actor’s capabilities) they will have direct access.

After authenticating through the web interface, a threat actor would need to navigate to the albums module and create a sample album. Images uploaded to an album are subject to normalization via functions from the graphics library PHP-GD, preventing simple web-shell embedding techniques. However, it is possible to embed a web-shell into a JPEG image that will survive this normalization using the tool Jellypeg. Such a payload can then be uploaded with an executable file extension (.php, .phar, etc.), and navigating to the uploaded file directly allows RCE.
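A hardened upload handler for the missing check described above, as an added example in PHP (not Pluck's code and not taken from the Synopsys advisory): it allowlists the client-supplied extension and stores the re-encoded image under a name and extension chosen by the server. `store_album_image()`, the demo directory and the sample file names are hypothetical; it assumes PHP 8 with the GD extension.

```php
<?php
declare(strict_types=1);

// Added example; not Pluck's code. Names and paths here are hypothetical.

// Image types the albums feature accepts, mapped to the extension the SERVER assigns.
const ALBUM_TYPES = [
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_GIF  => 'gif',
];

/**
 * Validate, normalize and store one uploaded album image.
 * Returns the stored file name; throws InvalidArgumentException on rejection.
 */
function store_album_image(string $tmpPath, string $clientName, string $albumDir): string
{
    // 1. Allowlist the client-supplied extension (the last one, so "a.jpg.php" is "php").
    //    This is the validation the article says was missing.
    $clientExt = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($clientExt, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        throw new InvalidArgumentException("extension '.$clientExt' is not allowed");
    }

    // 2. Identify the type from the file content, not from the name.
    $info = @getimagesize($tmpPath);
    if ($info === false || !array_key_exists($info[2], ALBUM_TYPES)) {
        throw new InvalidArgumentException('content is not a JPEG, PNG or GIF image');
    }
    $ext = ALBUM_TYPES[$info[2]];

    // 3. Normalize through GD. The article notes a crafted JPEG can survive this
    //    step, so it is defence in depth and not the control that stops execution.
    $bytes = file_get_contents($tmpPath);
    $image = $bytes === false ? false : @imagecreatefromstring($bytes);
    if ($image === false) {
        throw new InvalidArgumentException('image could not be decoded');
    }

    // 4. Store under a random name with the extension derived in step 2.
    //    Nothing from $clientName reaches the file system.
    $storedName = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($albumDir, '/') . '/' . $storedName;
    $written = match ($ext) {
        'jpg' => imagejpeg($image, $dest, 85),
        'png' => imagepng($image, $dest),
        'gif' => imagegif($image, $dest),
    };
    if (!$written) {
        throw new RuntimeException('could not write normalized image');
    }
    return $storedName;
}

// --- Demo with constructed input: a 2x2 PNG generated locally with GD. ---
$tmp = tempnam(sys_get_temp_dir(), 'up');
imagepng(imagecreatetruecolor(2, 2), $tmp);

$albumDir = sys_get_temp_dir() . '/album_demo';
if (!is_dir($albumDir)) {
    mkdir($albumDir, 0700);
}

// Constructed client file names: one legitimate, two with executable extensions.
foreach (['holiday.png', 'holiday.php', 'holiday.png.phar'] as $clientName) {
    try {
        $stored = store_album_image($tmp, $clientName, $albumDir);
        echo $clientName, ' -> stored as ', $stored, PHP_EOL;
        unlink($albumDir . '/' . $stored);
    } catch (InvalidArgumentException $e) {
        echo $clientName, ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}
unlink($tmp);
rmdir($albumDir);
```

Because a crafted image can survive GD normalization, the extension controls in steps 1 and 4 are what keep a stored upload from carrying an executable extension such as .php or .phar.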

The post Synopsys discover new vulnerability in Pluck Content Management System appeared first on IT Security Guru.

MyCena Improves Customer Data Access Protection in Call Centers and BPOs

MyCena Security Solutions today announced the addition of a new feature to its MyCena Desk Center (MDC) platform, designed to stop credential theft, fraud and social engineering in call centers, Business Process Outsourcing (BPOs) and customer service centers.

Customer service operations are a prime target for cybercriminals because they open the doors to millions of customers’ data.

Currently, managers at call centers, BPOs and customer service centers give agents their passwords in clear text. The problem is that once agents know the passwords, the organization no longer controls the life of those passwords, and these can be shared, sold, lost, social-engineered or phished without them knowing.

MyCena’s new solution addresses this challenge, as it removes security from the hands of employees and places it back in the hands of business leaders – where it belongs. MyCena’s latest feature allows operation managers to generate, manage and distribute encrypted passwords to all their agents, without the agents ever seeing, typing or knowing any of their passwords.

The solution makes targeting agents irrelevant for scammers, phishers and criminals. As agents no longer see or know the passwords to access data, they cannot write, type or share them by mistake or by intent, which significantly strengthens cybersecurity and data protection at the customer service center.

MyCena was the first cybersecurity company to identify the two key logic errors companies make internally that started the cycle of data breaches. First, companies allow each employee to make their own passwords to access their systems and data. Having given away control of access, they don’t know when passwords are phished, social engineered, shared, sold or reused in personal accounts. The majority of breaches – over 82% – use employees’ login credentials. That means 4 out of 5 breaches aren’t recognised as external threats by threat intelligence and detection tools, so they are completely missed.

The post MyCena Improves Customer Data Access Protection in Call Centers and BPOs appeared first on IT Security Guru.

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.

In November 2022, researchers at Google’s Project Zero warned about active attacks on Samsung mobile phones which chained together three security vulnerabilities that Samsung patched in March 2021, and which would have allowed an app to add or read any files on the device.

Google said it believes the exploit chain for Samsung devices belonged to a “commercial surveillance vendor,” without elaborating further. The highly technical writeup also did not name the malicious app in question.

On Feb. 28, 2023, researchers at the Chinese security firm DarkNavy published a blog post purporting to show evidence that a major Chinese ecommerce company’s app was using this same three-exploit chain to read user data stored by other apps on the affected device, and to make its app nearly impossible to remove.

The three Samsung exploits that DarkNavy says were used by the malicious app. In November 2022, Google documented these three same vulnerabilities being used together to compromise Samsung devices.

DarkNavy likewise did not name the app they said was responsible for the attacks. In fact, the researchers took care to redact the name of the app from multiple code screenshots published in their writeup. DarkNavy did not respond to requests for clarification.

“At present, a large number of end users have complained on multiple social platforms,” reads a translated version of the DarkNavy blog post. “The app has problems such as inexplicable installation, privacy leakage, and inability to uninstall.”

On March 3, 2023, a denizen of the now-defunct cybercrime community BreachForums posted a thread which noted that a unique component of the malicious app code highlighted by DarkNavy also was found in the ecommerce application whose name was apparently redacted from the DarkNavy analysis: Pinduoduo.

A Mar. 3, 2023 post on BreachForums, comparing the redacted code from the DarkNavy analysis with the same function in the Pinduoduo app available for download at the time.

On March 4, 2023, e-commerce expert Liu Huafang posted on the Chinese social media network Weibo that Pinduoduo’s app was using security vulnerabilities to gain market share by stealing user data from its competitors. That Weibo post has since been deleted.

On March 7, the newly created GitHub account Davinci1010 published a technical analysis claiming that until recently Pinduoduo’s source code included a “backdoor,” a hacking term used to describe code that allows an adversary to remotely and secretly connect to a compromised system at will.

That analysis includes links to archived versions of Pinduoduo’s app released before March 5 (version 6.50 and lower), which is when Davinci1010 says a new version of the app removed the malicious code.

Pinduoduo has not yet responded to requests for comment. Pinduoduo parent company PDD Holdings told Reuters Google has not shared details about why it suspended the app.

The company told CNN that it strongly rejects “the speculation and accusation that Pinduoduo app is malicious just from a generic and non-conclusive response from Google,” and said there were “several apps that have been suspended from Google Play at the same time.”

Pinduoduo is among China’s most popular e-commerce platforms, boasting approximately 900 million monthly active users.

Most of the news coverage of Google’s move against Pinduoduo emphasizes that the malware was found in versions of the Pinduoduo app available outside of Google’s app store — Google Play.

“Off-Play versions of this app that have been found to contain malware have been enforced on via Google Play Protect,” a Google spokesperson said in a statement to Reuters, adding that the Play version of the app has been suspended for security concerns.

However, Google Play is not available to consumers in China. As a result, the app will still be available via other mobile app stores catering to the Chinese market — including those operated by Huawei, Oppo, Tencent and VIVO.

Google said its ban did not affect the PDD Holdings app Temu, which is an online shopping platform in the United States. According to The Washington Post, four of the Apple App Store’s 10 most-downloaded free apps are owned by Chinese companies, including Temu and the social media network TikTok.

The Pinduoduo suspension comes as lawmakers in Congress this week are gearing up to grill the CEO of TikTok over national security concerns. TikTok, which is owned by Beijing-based ByteDance, said last month that it now has roughly 150 million monthly active users in the United States.

A new cybersecurity strategy released earlier this month by the Biden administration singled out China as the greatest cyber threat to the U.S. and Western interests. The strategy says China now presents the “broadest, most active, and most persistent threat to both government and private sector networks,” and says China is “the only country with both the intent to reshape the international order and, increasingly, the economic, diplomatic, military, and technological power to do so.”