Google discovered new Spyware on Android called Tizi

Recently, Google's security team discovered a new malware on Android called Tizi and mainly targeted users in African countries.

Tizi is a type of spyware (spyware) that performs many activities but mainly focuses on social networking applications.

According to security engineers of the Google Threat Analysis Group and Google Play Protect, Tizi can be used for the following purposes:

1. Steal data from social networking applications like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn and Telegram.
2. Record calls from WhatsApp, Viber and Skype.
3. Record sound around the microphone.
4. Silently take screenshots without informing users.
5. Send and block SMS messages on infected devices.
6. Access to contacts, calendar, call log, photo library, Wi-Fi encryption and applications installed locally on the device.
7. When first infecting users, the software sends the device's GPS coordinates to the C&C server via SMS.
8. An attacker often makes subsequent communications with the C&C server via HTTPS or in some isolated cases via MQTT.
9. Can root devices through the following vulnerabilities: CVE-2012-4220, CVE-2013-2596, CVE-2013-2597, CVE-2013-2595, CVE-2013-2094, CVE-2013-6282, CVE -2014-3153, CVE-2015-3636, CVE-2015-1805.

Google engineers said they discovered Tizi spyware in September 2017 through Google Play Protect - Android application security scanning application on Google Play Store.

After investigating older versions of the Play Store app, the researchers found that many applications were attacked by Tizi since October 2015.

Google said it suspended the app's developer account, then used Google Play Store to uninstall Tizi applications on infected devices.

According to the Google data collected, most of those infected users are located in African countries, although it is unclear whether the distributor Tizi is in Africa.

Google discovered new Spyware on Android called Tizi Picture 1

Google also said that Tizi spyware is based on vulnerabilities that only work on older Android devices because new versions often have a higher security layer.

In addition, Google suggests the following steps to protect your Android device from malware:

1. Check permissions: Be careful with applications that require unreasonable access. For example: Flashlight application will not need access to send SMS.
2. Turn on the security lock screen: Select your easy-to-remember PIN, drawing or password, but hard to guess for others.
3. Device update: Update devices regularly to own the latest security patches.
4. Using Google Play Protect: Make sure you have activated the Google Play Protect application.

See also: Google Play Protect - a useful feature to help protect Android devices