
Dirty Cow Vulnerability: How ZNIU Is Using It to Attack Android


Dirty Cow Vulnerability: Since Linux is an open source project, it’s hard to find security flaws in its source code, as thousands of users actively keep checking and fixing it. Due to this proactive approach, even when a flaw is discovered, it is patched immediately. That’s why it was so surprising when an exploit was discovered last year that had escaped the rigorous due diligence of all those users over the past 9 years. Yes, you read that right: although the exploit was discovered in October 2016, it had existed inside the Linux kernel code for the previous 9 years. This vulnerability, which is a privilege escalation bug, is known as the Dirty Cow vulnerability (Linux kernel bug catalogue number – CVE-2016-5195).




What is Dirty Cow Vulnerability?

As mentioned above, the Dirty Cow vulnerability is a privilege escalation bug that can be used to grant super-user privileges to anyone. Basically, by exploiting this vulnerability, any user with malicious intent can grant himself super-user privileges and thereby gain complete root access to a victim’s device. Root access gives the attacker full control over the device, and he can extract all the data stored on it without the user being any the wiser.



What is ZNIU and What Dirty Cow Has to Do With It?

ZNIU is the first recorded malware for Android that uses the Dirty Cow vulnerability to attack Android devices. The malware uses the vulnerability to gain root access to victims’ devices. Currently, the malware has been detected hiding in more than 1200 adult gaming and pornographic apps. At the time of publishing this article, more than 5000 users across 50 countries have been found to be affected by it.



Which Android Devices Are Vulnerable to ZNIU?

After the discovery of the Dirty Cow vulnerability (October 2016), Google released a patch in December 2016 to fix the issue. However, the patch was released only for Android devices running Android KitKat (4.4) or above. According to Google’s breakdown of Android OS distribution, more than 8% of Android smartphones are still running lower versions of Android. Of those running Android 4.4 to Android 6.0 (Marshmallow), only devices that have received and installed the December security patch are safe.




ZNIU: How Does it Work?

After the user has downloaded a malicious app infected with the ZNIU malware and launches it, the malware automatically contacts its command and control (C&C) servers to obtain any available updates. Once it has updated itself, it uses the privilege escalation (Dirty Cow) exploit to gain root access to the victim’s device. Once it has root access, it harvests the user’s information from the device.



Currently, the malware uses the harvested user information to contact the victim’s network carrier, posing as the user himself. Once authenticated, it carries out SMS-based micro-transactions and collects payment through the carrier’s payment service. The malware is intelligent enough to delete all the messages from the device after the transactions have taken place, so the victim has no idea about the transactions. Generally, the transactions are carried out for very small amounts ($3/month). This is another precaution taken by the attacker to ensure that the victim doesn’t discover the fund transfers.


How to Save Yourself From ZNIU Malware

We have written a whole article on protecting your Android device from malware, which you can Download Here. The basic thing is to use common sense and not install apps from untrusted sources. Even in the case of the ZNIU malware, we have seen that the malware is delivered to the victim’s mobile when they install pornographic or adult-gaming apps made by untrusted developers. To protect against this specific malware, make sure that your device is on the current security patch from Google. The exploit was patched with the December (2016) security patch from Google, so anyone who has that patch installed is safe from the ZNIU malware. Still, depending on your OEM, you might not have received the update, so it’s always better to be aware of all the risks and take the necessary precautions from your side. Again, everything that you should and shouldn’t do to keep your device from getting infected by malware is covered in the article linked above.
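As an added example (not from the original article), the patch criteria given here and under "Which Android Devices Are Vulnerable to ZNIU?" can be checked against the output of `adb shell getprop`. The property dumps are constructed samples, and the 2016-12-05 threshold is an assumption, since the article says only "December 2016 security patch".

```python
import re
from datetime import date

# Assumption: the article names only the "December 2016" patch; the complete
# patch level of that month (2016-12-05) is used here as the threshold.
FIXED_PATCH_LEVEL = date(2016, 12, 5)
KITKAT_SDK = 19  # Android 4.4; per the article, no patch was released below it
PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

# Constructed sample dumps in the "[key]: [value]" format that getprop prints.
SAMPLES = {
    "jellybean": "[ro.build.version.sdk]: [18]\n",
    "kitkat-no-level": "[ro.build.version.sdk]: [19]\n[ro.product.model]: [X]\n",
    "marshmallow-old": "[ro.build.version.sdk]: [23]\n[ro.build.version.security_patch]: [2016-10-05]\n",
    "marshmallow-new": "[ro.build.version.sdk]: [23]\n[ro.build.version.security_patch]: [2016-12-05]\n",
}

def parse_getprop(dump):
    """Parse `adb shell getprop` output into a dict, skipping malformed lines."""
    props = {}
    for line in dump.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def dirty_cow_status(props):
    """Classify a device using the criteria stated in the article."""
    try:
        sdk = int(props.get("ro.build.version.sdk", ""))
    except ValueError:
        return "unknown: no SDK level reported"
    if sdk < KITKAT_SDK:
        return "vulnerable: below Android 4.4, no patch released"
    raw = props.get("ro.build.version.security_patch", "")
    try:
        level = date.fromisoformat(raw)
    except ValueError:
        # Older builds may not expose a patch level at all; fail closed.
        return "vulnerable: no readable security patch level"
    if level < FIXED_PATCH_LEVEL:
        return f"vulnerable: patch level {raw} predates the fix"
    return f"patched: patch level {raw}"

if __name__ == "__main__":
    for name, dump in SAMPLES.items():
        print(f"{name}: {dirty_cow_status(parse_getprop(dump))}")
```

A device that reports no patch level is treated as vulnerable, which matches the article's point that an OEM may never have shipped the update.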


Protect Your Android From Getting Infected By Malware

The last couple of years have seen a rise in malware attacks on Android. The Dirty Cow vulnerability was one of the biggest exploits ever discovered, and seeing how ZNIU is exploiting this vulnerability is just horrific. ZNIU is especially worrisome because of the range of devices it impacts and the unfettered control that it grants to the attacker. However, if you are aware of the problems and take the necessary precautions, your device will be safe from these potentially hazardous attacks. So, first make sure that you install the latest security patches from Google as soon as you get them, and then keep away from untrusted and suspicious apps, files, and links. What do you think one should do to protect their device against malware attacks?