Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
A lot of mobile users are well aware thatĀ there are plenty of threats affecting the Android ecosystem right now. One of the newer threats goes by the name of ZNIU, and it is the first caseĀ of malware effectively exploitingĀ the Dirty COW vulnerability. This means assailants can carry outĀ a privilegeĀ escalation attackĀ to gain root level access and plant a permanent backdoor on aĀ device. The bigger question is whether or not more Android malware types will utilizeĀ Dirty COW moving forward.
ZNIU is a Major Android Threat
There are many types of malwareĀ capable of impactingĀ mobile devices these days. Especially when it comes to the Dirty COW exploit, things have gotten pretty interesting in this regard. TheĀ bug has been prevalent for quite some time now, as it was discovered in the Linux kernel code all the way back inĀ 2007. Although the vulnerability itself was patched pretty quickly, it somehow successfully found its way into the Android ecosystem not too long after.
Although this particular exploit has not been used all that often by the looks of things, some hackersĀ are still paying attention to it for the time being. Dirty COW can effectively be used to root Android devices, which is not a big surprise whatsoever. The main problemĀ is thatĀ criminals can leverage this particular exploit in the first place, as itĀ is not exactly straightforward. As most Android users areĀ well aware, anyone who has root privileges can do virtually anything with the device in question.
No one other than the actual device owner should have root privileges in the first place. However, it turns out criminals can successfully achieve this level of access through many different exploits, assuming they wish to pursue that option in the first place. ZNIU is a prime example of how this option is currently being explored by some nefarious actors, as it mainly usesĀ the Dirty COW vulnerability to wreakĀ havoc on Android devices.
More specifically, the ZNIU malware uses Dirty COW to not only root Android devices, but also plant a permanent backdoor on the device in question. This backdoor gives criminals continued access to the device, through which they can perform a wide range of attacks. In most cases, the backdoor is used to collect information, but it can also grant hackers access to SMS services, photos, and so on. Itās not a fun situation for anyone who has had to deal with ZNIU; that much is certain.
What is even more disconcerting is the sheer number of applications which seemingly carry the ZNIU malware right now. Trend Micro researchers have already identified over 1,200 such apps, although the total number may be much higher than that. Most of these apps are related to gaming and adult content, although none of them are to be found in the Google Play Store at this time. Always be wary when downloading APK files from third-party platforms.
One thing to note is how ZNIU has a weak implementation of Dirty COW. More specifically, this implementation only works on Android devices with a specific architecture. Any other devices will simply ignore this attack vector and not haveĀ a backdoor installed in the end. Whether or not we can expect to see an updated version of ZNIU remains to be seen. What is clear is thatĀ criminals are experimenting with myriadĀ attack vectors targeting Android devices right now.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.