The Dirty COW vulnerability is a Linux privilege escalation issue that allows someone to gain root access to the operating system. Android, being based on the Linux kernel, was shown to be vulnerable to it, as seen in some root access attempts on devices that used the Dirty COW approach. The bad news is that a new malware called ZNIU now gains access to Android devices via the same vulnerability.

Trend Micro, a popular internet security outfit, has discovered the ZNIU malware family in more than 40 countries as of last month. The malware basically spreads via infected apps, affecting more than 5,000 users in its wake and counting.

At the moment, ZNIU’s Dirty COW exploit only works on Android devices with ARM or X86 64-bit architecture, which means most modern smartphones from the past 2 years or so. The bad news is that recent exploits have seen ZNIU bypass SELinux and plant a rootkit, which means a system wipe will not fix your infected device.

The malware is often embedded in apps downloaded from porn sites and such. Once installed, the malware will plant a rootkit for potential backdoor attacks in the future. Using the Dirty COW exploit, it gains root access and harvests user information, then sends premium SMS messages so that money can be collected off the user.

At this point, this exploit only happens in China, where money over SMS is a thing. But being infected with ZNIU means that your device will be open to a potential backdoor attack at any time.

SOURCE: Trend Micro
