ZNIU is First Android Malware Exploiting Dirty COW Vulnerability

Share on Facebook Tweet Snapchat Share Reddit Comment
ZNIU is First Android Malware Exploiting Dirty COW Vulnerability
  • Over 5,000 users have been so far affected by the malware
  • 1,200 malicious Android apps have been discovered
  • Most cases of malware were discovered in China and India

Security researchers have discovered the first instance of Dirty COW vulnerability exploitation spotted in an Android malware. The Dirty COW flaw was dubbed so as it is an acronym for the duplication technique called copy-on-write, and could potentially give root access of a device to the attacker within a matter of seconds. Google late last year claimed to have fixed the issue linked to Linux with its December Android Security update. Now, a malware called ZNIU has been confirmed to be using this exploit to infect devices.

To recall, the ZNIU malware was detected last month in over 40 countries, with the majority of the cases reported in China and India. Researchers claim that the malware was also detected in the US, Japan, Canada, Germany, and Indonesia. The researchers were able to detect over 5,000 affected users, and also claim that more than 1,200 malicious apps carried ZNIU exploit. Researchers claim that the ZNIU malware often appeared as a porn app downloaded from malicious website where users are tricked into clicking on a malicious URL that installs the malware-carrying app on their device.

Security researchers Jason Gu, Veo Zhang, and Seven Shen at Trend Micro captured samples of ZNIU (detected as AndroidOS_ZNIU), which is the first malware family to exploit the Dirty COW vulnerability on the Android platform.

"The vulnerability was discovered in upstream Linux platforms such as Redhat, and Android, which kernel is based on Linux. It was categorised as a serious privilege escalation flaw that allows an attacker to gain root access on the targeted system. Dirty COW attack on Android has been silent since its discovery, perhaps because it took attackers some time to build a stable exploit for major devices," the researchers noted.

The malware used to harvest the carrier information of the user. "It then transacts with the carrier through an SMS-enabled payment service, allowing the malware operator to pose as the device owner. Through the victim's mobile device, the operator behind ZNIU will collect money through the carrier's payment service," explain researchers.

"We have detected more than 5,000 affected users. Our data also shows that more than 1,200 malicious apps that carry ZNIU were found in malicious websites with an existing rootkit that exploits Dirty COW, disguising themselves as pornography and game apps, among others."

Researchers also claim that the Dirty COW vulnerability can exploit all versions of Android OS. However, ZNIU-infected Dirty COW exploit only works on devices running Android OS with ARM/X86 64-bit architecture.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Android, Dirty COW, Linux, Trend Micro
Faster Internet Speeds Helping Growth of OTT Platforms in India, Experts Say
Alibaba to Invest $15 Billion to Build a Global Logistics Network

Related Stories




© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com