Criminals Dust Off an Old Bug for a Backdoor in Androids

More than 1,200 apps for Android phones are using a known vulnerability to skip security protocols in the Android mobile operating system.

The bug allows attackers to make fraudulent charges to phone owners and plant a backdoor for future attacks.

According to a report released by security firm TrendMicro, the malicious apps are taking advantage of a year-old vulnerability called Dirty COW, which allows attackers privileged access to devices. Dubbed ZNIU malware, the malicious apps are often disguised as porn or gaming apps and have infected 5,000 users in 40 countries, TrendMicro said. The malicious apps are usually available in third-party stores.

Google released a patch for Dirty COW in December and said the Play Protect program should prevent the malware from appearing in its official Google Play app store, ZDnet reported.