Categories: NewsSecurity

ZNIU Is the First Android Malware to Use Dirty COW

A lot of mobile users are well aware that there are plenty of threats affecting the Android ecosystem right now. One of the newer threats goes by the name of ZNIU, and it is the first case of malware effectively exploiting the Dirty COW vulnerability. This means assailants can carry out a privilege escalation attack to gain root level access and plant a permanent backdoor on a device. The bigger question is whether or not more Android malware types will utilize Dirty COW moving forward.

ZNIU is a Major Android Threat

There are many types of malware capable of impacting mobile devices these days. Especially when it comes to the Dirty COW exploit, things have gotten pretty interesting in this regard. The bug has been prevalent for quite some time now, as it was discovered in the Linux kernel code all the way back in 2007. Although the vulnerability itself was patched pretty quickly, it somehow successfully found its way into the Android ecosystem not too long after.

Although this particular exploit has not been used all that often by the looks of things, some hackers are still paying attention to it for the time being. Dirty COW can effectively be used to root Android devices, which is not a big surprise whatsoever. The main problem is that criminals can leverage this particular exploit in the first place, as it is not exactly straightforward. As most Android users are well aware, anyone who has root privileges can do virtually anything with the device in question.

No one other than the actual device owner should have root privileges in the first place. However, it turns out criminals can successfully achieve this level of access through many different exploits, assuming they wish to pursue that option in the first place. ZNIU is a prime example of how this option is currently being explored by some nefarious actors, as it mainly uses the Dirty COW vulnerability to wreak havoc on Android devices.

More specifically, the ZNIU malware uses Dirty COW to not only root Android devices, but also plant a permanent backdoor on the device in question. This backdoor gives criminals continued access to the device, through which they can perform a wide range of attacks. In most cases, the backdoor is used to collect information, but it can also grant hackers access to SMS services, photos, and so on. It’s not a fun situation for anyone who has had to deal with ZNIU; that much is certain.

What is even more disconcerting is the sheer number of applications which seemingly carry the ZNIU malware right now. Trend Micro researchers have already identified over 1,200 such apps, although the total number may be much higher than that. Most of these apps are related to gaming and adult content, although none of them are to be found in the Google Play Store at this time. Always be wary when downloading APK files from third-party platforms.

One thing to note is how ZNIU has a weak implementation of Dirty COW. More specifically, this implementation only works on Android devices with a specific architecture. Any other devices will simply ignore this attack vector and not have a backdoor installed in the end. Whether or not we can expect to see an updated version of ZNIU remains to be seen. What is clear is that criminals are experimenting with myriad attack vectors targeting Android devices right now.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Recent Posts

Incent Loyalty celebrates ‘Bitcoin Pizza’ moment with first real-world transaction

Incent has been used to settle a $1,400 bill with a local restaurant – the token’s very own Bitcoin Pizza…

17 mins ago

Bitcoin Price Watch: Is the Recent Drop Part of a Bigger Picture?

At press time, bitcoin is retaining its $6,100 price from yesterday. The currency fell to this position from $6,700 after…

17 hours ago

Are Centralized Exchanges Breaking the Crypto Promise?

Exchange hacks are becoming the new normal. Just two weeks after Conrail’s $37.2 million hack, it was time for Bithumb’s…

17 hours ago

What Is Forging, and Is It a Viable Alternative to Bitcoin Mining?

As more and more people join the cryptocurrency conversation, Bitcoin mining has been thrust into the limelight. And just like…

18 hours ago

Litecoin Founder Remains Optimistic Despite Recent Bithumb Hack

Charlie Lee, the developer behind the world’s sixth-largest cryptocurrency, Litecoin, believes the price of Bitcoin and other cryptocurrencies will recover…

19 hours ago

MIT Media Lab Project Enigma Partners with Intel on Privacy Research

American multinational technology company Intel has partnered with Enigma on research and development of privacy in computational technologies. Announcing the…

20 hours ago