First Android Malware Spotted Exploiting Dirty COW Linux Flaw to Obtain Root Privileges


    The Dirty COW vulnerability in the Linux kernel was disclosed only recently. Less than a year later, researchers are warning that cyber-crime outfits have started using the flaw against Android users. On Monday, security researchers at Trend Micro reported on the privilege escalation vulnerability (CVE-2016-5195) known as Dirty COW and confirmed that a malware sample named ZNIU, detected as AndroidOS_ZNIU, has actively exploited Dirty COW for the first time.

    In such chaos in the cyber world, where almost every day we hear about new malware, not using a VPN service is cyber suicide. If you want to protect yourself from these attacks, be sure to opt for a secure VPN such as NordVPN or ExpressVPN.

    What Is Dirty Cow?

    Dirty Cow was publicly disclosed in 2016. The vulnerability had existed in the Linux kernel and Linux distributions for years. It allows attackers to escalate to root privileges through a race condition bug that gives them write access to read-only memory, which can then be used to enable remote attacks.
    Trend Micro researchers Jason Gu, Veo Zhang, and Seven Shen said ZNIU was present in approximately 40 countries as of a month ago.

    How Does ZNIU Dirty Cow Exploit Work?

    Once a user downloads and installs the ZNIU malware, the malware-carrying app contacts its command-and-control (C&C) server to check for code updates. At the same time, the Dirty Cow exploit performs local privilege escalation to gain root access on the device. It then bypasses system restrictions and “establishes a backdoor for potential remote control attacks in the future.”

    The malware also collects the user's carrier information and attempts to transfer money via premium SMS messages directed at a dummy company in China.
    After the SMS transaction completes, the malware deletes the messages from the device to erase any evidence of compromise.

    According to a blog post, the researchers found that the malware has already infected over 5,000 Android users across 40 countries in recent weeks, with the majority of victims in China and India; the rest are in the United States, Japan, Canada, Germany, and Indonesia.

    The Android Apps Affected by ZNIU Malware:

    The malware uses the Dirty COW exploit to root Android devices through the copy-on-write (COW) mechanism in Android’s Linux kernel, then plants a backdoor which attackers can use to collect data and make money through a premium-rate phone number.

    Trend Micro researchers identified the ZNIU malware in approximately 1,200 malicious Android apps, some of which posed as pornography and gaming apps, alongside host websites carrying malware rootkits that use Dirty Cow.

    Although the Dirty Cow flaw affects every version of the Android operating system, ZNIU’s Dirty Cow exploit only infects Android devices with an ARM/x86 64-bit architecture.

    “We monitored six ZNIU rootkits, four of which were Dirty COW exploits. The other two were KingoRoot, a rooting app, and the Iovyroot exploit (CVE-2015-1805),” the researchers said.
    “ZNIU used KingoRoot and Iovyroot because they can root ARM 32-bit CPU devices, which the rootkit for Dirty COW cannot.”

    How a VPN Protects an Android Device Against Malware:

    • Obviously, no one wants to be a victim of such malware, but not all of us take preventive measures to stay secure. The genuine and most reliable approach is to use a VPN for Android. A Virtual Private Network (VPN) for Android builds an encrypted tunnel and transports all your data through it, which protects your data from being snooped on by hackers or anyone else. Have a look at the 5 Best VPNs for Android 2017.
    • You should also stay away from downloading apps from unknown sources and be sure to use the official Google Play Store.