Nearly a year after the disclosure of the Dirty COW vulnerability that affected the Linux kernel, cybercriminals have started exploiting the vulnerability against Android users, researchers have warned.
Publicly disclosed last year in October, Dirty COW was present in a section of the Linux kernel—a part of virtually every Linux distribution, including Red Hat, Debian, and Ubuntu—for years and was actively exploited in the wild.
The vulnerability allows an unprivileged local attacker to gain root access through a race condition issue, gain access to read-only root-owned executable files, and permit remote attacks.
However, security researchers from Trend Micro published a blog post on Monday disclosing that the privilege escalation vulnerability (CVE-2016-5195), known as Dirty COW, has now been actively exploited by a malware sample of ZNIU, detected as AndroidOS_ZNIU.
This is the first time we have seen a malware sample to contain an exploit for the vulnerability designed to compromise devices running on the mobile platform.