First Android Malware Found Exploiting Dirty COW Linux Flaw to Gain Root Privileges

dirty

by 

Tuesday, September 26, 2017 

Nearly a year after the disclosure of the Dirty COW vulnerability that affected the Linux kernel, cybercriminals have started exploiting the vulnerability against Android users, researchers have warned.

Publicly disclosed last year in October, Dirty COW was present in a section of the Linux kernel—a part of virtually every Linux distribution, including Red Hat, Debian, and Ubuntu—for years and was actively exploited in the wild.

The vulnerability allows an unprivileged local attacker to gain root access through a race condition issue, gain access to read-only root-owned executable files, and permit remote attacks.

However, security researchers from Trend Micro published a blog post on Monday disclosing that the privilege escalation vulnerability (CVE-2016-5195), known as Dirty COW, has now been actively exploited by a malware sample of ZNIU, detected as AndroidOS_ZNIU.

This is the first time we have seen a malware sample to contain an exploit for the vulnerability designed to compromise devices running on the mobile platform.

MORE: http://thehackernews.com/2017/09/dirty-cow-android-malware.html?m=1

Mais do que uma solução tecnológica, somos uma decisão estratégica para as organizações.

Nossa missão é redefinir a relação das empresas com a cibersegurança e a experiência dos usuários no processo de autenticação e acesso a ativos tecnológicos.