It’s the first time to see threat actors have combined the Dirty Cow Android vulnerability to malware created to compromise users’ devices.
ZNIU is the name of the first malware sample to include an exploit for the Dirty COW vulnerability to infect users.
Security researchers from Trend Micro announced the vulnerability, tracked as CVE-2016-5195, has been found in a malware sample of ZNIU, the malware is identified as “AndroidOS_ZNIU” and this is the first malware sample to include an exploit for the Dirty COW flaw.
Dirty COW has been discovered by David Manouchehri in October 2016, which is a privilege escalation Linux flaw that enables an attacker to elevate the privilege of attack code to “root” level and carry out malicious operations.
According to Trend Micro researchers:
“The Linux vulnerability called Dirty COW (CVE-2016-5195) was first disclosed to the public in 2016. The vulnerability was discovered in upstream Linux platforms such as Redhat, and Android, which kernel is based on Linux. It was categorized as a serious privilege escalation flaw that allows an attacker to gain root access on the targeted system.”
Actually, the ZNIU malware usually looks as a porn application downloaded from malicious websites, where victims are fooled into clicking on a malicious link that installs the malware app on their device. Attackers use this malware to collect data on the infected devices
Users are recommended to install apps only from the Google store or trusted third-party app stores and use mobile security solutions to prevent threats.
