Categories: NewsSecurity

ZNIU Is the First Android Malware to Use Dirty COW

A lot of mobile users are well aware that there are plenty of threats affecting the Android ecosystem right now. One of the newer threats goes by the name of ZNIU, and it is the first case of malware effectively exploiting the Dirty COW vulnerability. This means assailants can carry out a privilege escalation attack to gain root level access and plant a permanent backdoor on a device. The bigger question is whether or not more Android malware types will utilize Dirty COW moving forward.

ZNIU is a Major Android Threat

There are many types of malware capable of impacting mobile devices these days. Especially when it comes to the Dirty COW exploit, things have gotten pretty interesting in this regard. The bug has been prevalent for quite some time now, as it was discovered in the Linux kernel code all the way back in 2007. Although the vulnerability itself was patched pretty quickly, it somehow successfully found its way into the Android ecosystem not too long after.

Although this particular exploit has not been used all that often by the looks of things, some hackers are still paying attention to it for the time being. Dirty COW can effectively be used to root Android devices, which is not a big surprise whatsoever. The main problem is that criminals can leverage this particular exploit in the first place, as it is not exactly straightforward. As most Android users are well aware, anyone who has root privileges can do virtually anything with the device in question.

No one other than the actual device owner should have root privileges in the first place. However, it turns out criminals can successfully achieve this level of access through many different exploits, assuming they wish to pursue that option in the first place. ZNIU is a prime example of how this option is currently being explored by some nefarious actors, as it mainly uses the Dirty COW vulnerability to wreak havoc on Android devices.

Related Post

More specifically, the ZNIU malware uses Dirty COW to not only root Android devices, but also plant a permanent backdoor on the device in question. This backdoor gives criminals continued access to the device, through which they can perform a wide range of attacks. In most cases, the backdoor is used to collect information, but it can also grant hackers access to SMS services, photos, and so on. It’s not a fun situation for anyone who has had to deal with ZNIU; that much is certain.

What is even more disconcerting is the sheer number of applications which seemingly carry the ZNIU malware right now. Trend Micro researchers have already identified over 1,200 such apps, although the total number may be much higher than that. Most of these apps are related to gaming and adult content, although none of them are to be found in the Google Play Store at this time. Always be wary when downloading APK files from third-party platforms.

One thing to note is how ZNIU has a weak implementation of Dirty COW. More specifically, this implementation only works on Android devices with a specific architecture. Any other devices will simply ignore this attack vector and not have a backdoor installed in the end. Whether or not we can expect to see an updated version of ZNIU remains to be seen. What is clear is that criminals are experimenting with myriad attack vectors targeting Android devices right now.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

OKX Wallet Sees Whales Massive Moves; More on Plus Wallet & Coinbase  

Plus Wallet Impresses with its Speedy 15-Min Token Listings While Coinbase Unveils AI Tool &…

3 hours ago

100% Bonus with BlockDAG! Ethereum Eyes Breakout, Sui Plans To Expand

BlockDAG Rolls Out Limited Time 100% Bonus For Community While Ethereum Price Looks Bullish &…

4 hours ago

Best Crypto Wallets 2024: Top Choices for Security & Rewards

The 5 Best Crypto Wallets Worth Using in 2024 — Find Out Why Selecting a…

5 hours ago

Ethereum Ecosystem Primed For A November Rally – ETH Coins Chainlink (LINK), Toncoin (TON), And Cutoshi (CUTO) The Ones To Watch

With a Total Value Locked (TVL) of $50.72B, Ethereum is the world's largest blockchain, with…

12 hours ago

Analysts Predict a Rollblock 5000% Surge Dwarfing Pepe Coin and Popcat Recent Fame

The meme coin market has recently been surging once again; tokens such as Pepe and…

22 hours ago

FLOKI Dominates Meme Market as Rollblock ICO Skyrockets. Is Polkadot Losing Its Edge?

The FLOKI price has recorded over 300% yearly ROI, dominating crypto gains in the meme…

22 hours ago