"Dirty Cow" Vulnerability Detected "ZNIU" First Android Malware

"Dirty Cow" Vulnerability Detected "ZNIU" First Android Malware

It’s the first time to see threat actors have combined the Dirty Cow Android vulnerability to malware created to compromise users’ devices.





Security researchers from Trend Micro announced the vulnerability, tracked as CVE-2016-5195, has been found in a malware sample of ZNIU, the malware is identified as “AndroidOS_ZNIU” and this is the first malware sample to include an exploit for the Dirty COW flaw.

Dirty COW has been discovered by David Manouchehri in October 2016, which is a privilege escalation Linux flaw that enables an attacker to elevate the privilege of attack code to “root” level and carry out malicious operations.

According to Trend Micro researchers:

“The Linux vulnerability called Dirty COW (CVE-2016-5195) was first disclosed to the public in 2016. The vulnerability was discovered in upstream Linux platforms such as Redhat, and Android, which kernel is based on Linux. It was categorized as a serious privilege escalation flaw that allows an attacker to gain root access on the targeted system.”

Actually, the ZNIU malware usually looks as a porn application downloaded from malicious websites, where victims are fooled into clicking on a malicious link that installs the malware app on their device. Attackers use this malware to collect data on the infected devices.