ZNIU is First Android Malware Exploiting Dirty COW Vulnerability

Advertisement
By Ketan Pratap | Updated: 26 September 2017 17:16 IST
Highlights
  • Over 5,000 users have been so far affected by the malware
  • 1,200 malicious Android apps have been discovered
  • Most cases of malware were discovered in China and India

Security researchers have discovered the first instance of Dirty COW vulnerability exploitation spotted in an Android malware. The Dirty COW flaw was dubbed so as it is an acronym for the duplication technique called copy-on-write, and could potentially give root access of a device to the attacker within a matter of seconds. Google late last year claimed to have fixed the issue linked to Linux with its December Android Security update. Now, a malware called ZNIU has been confirmed to be using this exploit to infect devices.

To recall, the ZNIU malware was detected last month in over 40 countries, with the majority of the cases reported in China and India. Researchers claim that the malware was also detected in the US, Japan, Canada, Germany, and Indonesia. The researchers were able to detect over 5,000 affected users, and also claim that more than 1,200 malicious apps carried ZNIU exploit. Researchers claim that the ZNIU malware often appeared as a porn app downloaded from malicious website where users are tricked into clicking on a malicious URL that installs the malware-carrying app on their device.

Advertisement

Security researchers Jason Gu, Veo Zhang, and Seven Shen at Trend Micro captured samples of ZNIU (detected as AndroidOS_ZNIU), which is the first malware family to exploit the Dirty COW vulnerability on the Android platform.

"The vulnerability was discovered in upstream Linux platforms such as Redhat, and Android, which kernel is based on Linux. It was categorised as a serious privilege escalation flaw that allows an attacker to gain root access on the targeted system. Dirty COW attack on Android has been silent since its discovery, perhaps because it took attackers some time to build a stable exploit for major devices," the researchers noted.

Advertisement

The malware used to harvest the carrier information of the user. "It then transacts with the carrier through an SMS-enabled payment service, allowing the malware operator to pose as the device owner. Through the victim's mobile device, the operator behind ZNIU will collect money through the carrier's payment service," explain researchers.

"We have detected more than 5,000 affected users. Our data also shows that more than 1,200 malicious apps that carry ZNIU were found in malicious websites with an existing rootkit that exploits Dirty COW, disguising themselves as pornography and game apps, among others."

Advertisement

Researchers also claim that the Dirty COW vulnerability can exploit all versions of Android OS. However, ZNIU-infected Dirty COW exploit only works on devices running Android OS with ARM/X86 64-bit architecture.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Android, Dirty COW, Linux, Trend Micro
Advertisement

Related Stories

Popular Mobile Brands
  1. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot
  2. OnePlus Exits US, Europe, Continues Operations in India: 5 Things to Know
  3. Airtel Revises Postpaid Portfolio, Removes Rs. 549 Individual Plan
  4. Oppo K15 Launch Date Confirmed; Key Specifications Revealed Ahead of Debut
  5. Insomniac Games Shares New Trailer for Marvel's Wolverine
  6. Here's How Much the iQOO Z11 Lite Could Cost in India
  7. Here's When the Poco M8 Power, Poco X8 Could Launch in India
  8. iPhone 18 Pro Max Could Get a New Sony Sensor With Variable Aperture Tech
  1. Redmi Note 17 Pro Global Variant Reportedly Appears on NBD Database Alongside Poco Model
  2. Google Pixel 11a Codename Reportedly Spotted in Phone App
  3. Huawei Mate XT 2 Leaked Patent Reveals New Tri-Fold Design and Folding Mechanism
  4. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot: Here's What We Know So Far
  5. Lenovo Legion C700 Teased as a Cloud Gaming Handheld Ahead of August Launch
  6. Marvel's Wolverine Gets New Trailer That Will Play Ahead of Christopher Nolan's The Odyssey in Select Theatres
  7. Airtel Quietly Removes Rs. 549 Individual Postpaid Plan in India; Rs. 699 Plan Becomes Next Upgrade
  8. Poco M8 Power, Poco X8 India Launch Timeline Tipped; Could Arrive as Rebranded Redmi Note 17 Series
  9. Samsung Galaxy S25 Series Could Get Galaxy S26’s Horizontal Lock Camera Feature With One UI 9 Update
  10. Asus Pad India Launch Date Announced as Company Reveals Key Specifications
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.