The Linux vulnerability called Dirty COW (CVE-2016-5195) was first disclosed to the public in 2016. The vulnerability was discovered in upstream Linux platforms such as Redhat, and Android, which kernel is based on Linux. It is categorized as a serious privilege escalation flaw that allows an attacker to gain root access on the targeted system. Dirty COW attacks on Android has been silent since its discovery, perhaps because it took attackers some time to build a stable exploit for major devices. Almost a year later, Trend Micro researchers captured samples of ZNIU (detected as AndroidOS_ZNIU)—the first malware family to exploit the vulnerability on the Android platform.Read More
It’s not uncommon for malware to have capabilities that protects itself. This usually consists of routines that help keep it hidden. One particular mobile malware caught our attention with its unique combination that makes its attack stealthy, and it has the capability to locks a user’s device. A similar routine was reported previously in our entry on Operation Emmental in terms of locking the victim’s phone. However, this new malware does so as a failsafe and without the use of external commands.Read More
Not all Android phones come with a built-in flashlight feature in its operating system. Users would have to download flashlight apps to have this utility on their phone. Chances are, these apps will come with updates and ads. Imagine that, flashlights with updates and ads. And while this may seem normal with how apps operate, one flashlight app that’s available in Google Play shows ads that goes beyond the annoying and tells users that their mobile unit is infected with malware.
Super-Bright LED Flashlight on its own is a safe application. However, when a user runs the app, a webpage opens and tells that their device is infected with malware and has a broken battery. The webpage also advises users to install an Android optimizer and anti-virus app to resolve these issues. When we checked the app, the ad was not part of its routine.Read More
We have recently caught sight of a mobile ransomware distributed by fake adult websites. It not only locks the device screen and display a warning supposedly coming from law enforcement—a tactic reminiscent of the Police Trojan that plagued desktops before—it also activates the unit’s front facing camera to add to its scare tactic. However, while it has routines unique to mobile ransomware, it also has a particular set of weaknesses that stand out.Read More
A vulnerability known as Wormhole that reportedly affected the software development kit (SDK), Moplus by Baidu is making waves due to the severity of the impact once successfully exploited. The said vulnerability was discovered by WooYun.og, a vulnerability reporting platform in China.Read More