The security team of Google has discovered a brand new type of Android malware. Called Tizi, the malware has so far been used mainly to target users in African nations.
Tizi is categorized as spyware, meaning it could access data in your device.
According to Google, Tizi’s capabilities are many though its main focus is on social media applications and activities. As per the security engineers at Google Threat Analysis and Google Play Protect, Tizi could be put to use for the following purposes:
- Stealing information from social media apps like Twitter, WhatsApp, Skype, Telegram, LinkedIn, Viber and Facebook.
- To record calls on Skype, WhatsApp and Viber.
- Recording ambient audio using microphone.
- To take pictures of the screen without letting the user know.
- Sending and intercepting SMS messages on the infected gadgets.
- Accessing calendar events, photos, call logs, wi-fi encryption keys and also apps that are locally installed in the device.
- When the Spyware infects a device first, it sends the GPS coordinates of the device through SMS to a C&C server(C& C servers are Command and Control servers that are used to remotely send commands to botnets, which are networks of internet connected devices).
- Any subsequent communication with the attacker’s C&C server happens through HTTPS and in certain isolated cases, through MQTT (both HTTPS and MQTT are communication protocols used over the internet).
The spyware was spotted by Google engineers in September 2017.
It was found rather serendipitously when automatic scans done with Google Play Protect — the security scammer in the Google play Store app — came across an app infected by Tizi. The infected app was installed in a user’s device through the Google Play Store.
This led the Google team to look into the older versions of the apps on the Play Store. During this process, they found even more Tizi-infected apps, some of them going as far back as October 2015.
According to Google, they then uninstalled the Tizi apps from the infected devices using the Google Play Store app.
Meanwhile, data gathered by Google shows that most of the infected users were in African nations. However, it’s not clear if the author/distributor of Tizi is located in the African continent.
So far, there has been no significant effort to trick people into installing the apps in large numbers. Also, security researchers are of the view that the spyware was most probably used for targeted attacks against a limited number of people chosen for some unknown reason.
According to Google, Tizi’s capabilities are based on vulnerabilities seen only on older Android devices.
All the same, as an extra-precaution to keep your Android device safe from the malware, Google recommends the following steps:
- Check permissions: Be careful about apps that request permissions that strike you as unreasonable. For instance, a flashlight app would have no need to access anything related to sending SMS messages.
- Enable secure lock screen: Google recommends you to pick a pattern, PIN or password that’s easy for you to remember but which would be hard for anyone else to guess.
- Keep your device up-to-date: Having the latest security patches in your device is a great idea, says Google.
- Google Play Protect: Ensure that you have enabled Google Play Protect.
