Google has been continuously working to detect and remove malicious apps from your devices using its newly launched Google Play Protect service, in an attempt to protect Android users from malware and shady apps.
Google Play Protect—a security feature that uses app usage analysis and machine learning to check devices for potentially harmful apps—recently helped Google to identify a new deceptive family of Android spyware that was stealing a whole lot of information on users.
Discovered on targeted devices in African countries, Tizi is a fully-featured Android backdoor with rooting capabilities that installs spyware apps on victims’ devices to steal sensitive data from popular social media apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram.
“The Google Play Protect security team discovered this family in September 2017 when device scans found an app with rooting capabilities that exploited old vulnerabilities,” Google said in a blog post. “The team used this app to find more applications in the Tizi family, the oldest of which is from October 2015.”
If the backdoor is unable to gain root access on the infected device because all the listed vulnerabilities have been patched, “it will still attempt to perform some actions through the high level of permissions it asks the user to grant to it, mainly around reading and sending SMS messages and monitoring, redirecting, and preventing outgoing phone calls,” Google said.
Tizi spyware has also been designed to communicate with its command-and-control servers over regular HTTPS or using the MQTT messaging protocol to receive commands from the attackers and upload stolen data.
The Tizi backdoor contains various capabilities common to commercial spyware, such as:
- Stealing data from popular social media platforms including Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram.
- Recording calls from WhatsApp, Viber, and Skype.
- Sending and receiving SMS messages.
- Accessing calendar events, call log, contacts, photos, and the list of installed apps.
- Stealing Wi-Fi encryption keys.
- Recording ambient audio and taking pictures without displaying the image on the device’s screen.
So far, Google has identified 1,300 Android devices infected by Tizi and removed it. The majority of them were located in African countries, specifically Kenya, Nigeria, and Tanzania.
How to Protect your Android device?
Such Android spyware can be used to target your devices as well, so if you own an Android device, you are strongly recommended to follow these simple steps to protect yourself:
- Ensure that you have already opted for Google Play Protect.
- Download and install apps only from the official Play Store, and always check permissions for each app.
- Enable the ‘verify apps’ feature from settings.
- Protect your devices with a PIN or password lock so that nobody can gain unauthorized access to your device when it remains unattended.
- Keep “unknown sources” disabled while not using it.
- Keep your device always up-to-date with the latest security patches.
- Use security software to help in removing the app.
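An added example, not from Google's post or this article: a Python sketch of the "check permissions for each app" step that flags apps requesting both the SMS and the outgoing-call permissions Google describes as Tizi's fallback. The package names and dump text are constructed, the layout is assumed to follow the "requested permissions:" section of `adb shell dumpsys package`, and the mapping from the described behaviour to Android permission names is an assumption of this example.

```python
import re

P = "android.permission."
# Fallback behaviour Google describes: SMS access plus control of outgoing calls.
SMS = {P + "READ_SMS", P + "SEND_SMS", P + "RECEIVE_SMS"}
CALLS = {P + "PROCESS_OUTGOING_CALLS"}
# Other capabilities listed in the article (audio, camera, contacts, call log, calendar).
EXTRA = {P + "RECORD_AUDIO", P + "CAMERA", P + "READ_CONTACTS",
         P + "READ_CALL_LOG", P + "READ_CALENDAR"}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")

# Constructed sample modelled on `adb shell dumpsys package` output.
SAMPLE = """\
Packages:
  Package [com.example.flashlight] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_SMS
      android.permission.SEND_SMS
      android.permission.PROCESS_OUTGOING_CALLS
      android.permission.RECORD_AUDIO
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.notes] (4d5e6f):
    requested permissions:
      android.permission.READ_SMS: restricted=true
      android.permission.CAMERA
"""

def parse_requested(dump):
    """Map each package name to the set of permissions it requests."""
    apps, pkg, in_req = {}, None, False
    for line in dump.splitlines():
        s, m = line.strip(), PKG_RE.match(line)
        if m:
            pkg, in_req = m.group(1), False
            apps[pkg] = set()
        elif s == "requested permissions:":
            in_req = pkg is not None
        elif in_req and (not s or s.endswith(":")):
            in_req = False  # next section header, e.g. "install permissions:"
        elif in_req:
            apps[pkg].add(s.split(":")[0])  # drop suffixes like ": restricted=true"
    return apps

def flag(apps):
    """Return apps that request both SMS access and outgoing-call control."""
    return {pkg: sorted(perms & (SMS | CALLS | EXTRA))
            for pkg, perms in apps.items() if perms & SMS and perms & CALLS}
```

Legitimate dialer and SMS apps request the same combination, so a hit is a prompt to review the app, not a verdict.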