In an attempt to protect Android users from malware and shady apps, Google has been continuously working to detect and remove malicious apps from your devices using its newly launched Google Play Protect service.
Google Play Protect, a security feature that uses machine learning and app usage analysis to check devices for potentially harmful apps, recently helped Google researchers identify a new deceptive family of Android spyware that was stealing a whole lot of information on users.
Discovered on targeted devices in African countries, Tizi is a fully-featured Android backdoor with rooting capabilities that installs spyware apps on victims’ devices to steal sensitive data from well-known social media apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram.
“The Google Play Protect security team discovered this family in September 2017 when device scans found an app with rooting capabilities that exploited old vulnerabilities,” Google said in a blog post. “The team used this app to find more applications from the Tizi family, the oldest of which is from October 2015.”
Most Tizi-infected apps are advertised on social media websites and 3rd-party app stores, tricking users into installing them.
Once installed, the innocent-looking app gains root access on the infected device to install spyware, which first contacts its command-and-control servers by sending an SMS text message with the GPS coordinates of the infected device to a specific number.
Here’s How Tizi Gains Root Access On Infected Devices
To gain root access, the backdoor exploits previously disclosed vulnerabilities in older chipsets, devices, and Android versions, including CVE-2012-4220, CVE-2013-2596, CVE-2013-2597, CVE-2013-2595, CVE-2013-2094, CVE-2013-6282, CVE-2014-3153, CVE-2015-3636, and CVE-2015-1805.
If the backdoor is unable to gain root access on the infected device because all the listed vulnerabilities are patched, “it will still attempt to perform some actions through the high level of permissions it asks the user to grant to it, mainly around reading and sending SMS messages and monitoring, redirecting, and preventing outgoing phone calls,” Google said.
Tizi spyware has also been designed to communicate with its command-and-control servers over regular HTTPS or the MQTT messaging protocol to receive commands from the attackers and upload stolen data.
The Tizi backdoor contains various capabilities common to commercial spyware, such as:
- Stealing data from well-known social media platforms including Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram.
- Recording calls from WhatsApp, Viber, and Skype.
- Sending and receiving SMS messages.
- Accessing calendar events, call log, contacts, photos, and the list of installed apps.
- Stealing Wi-Fi encryption keys.
- Recording ambient audio and taking pictures without displaying the image on the device’s screen.
So far Google has identified 1,300 Android devices infected by Tizi and removed it.
The majority of them were located in African countries, specifically Kenya, Nigeria, and Tanzania.
How to Protect Your Android Device from Hackers?
Such Android spyware can be used to target your devices as well, so if you own an Android device, you are strongly recommended to follow these simple steps to protect yourself:
- Ensure that you have already opted for Google Play Protect.
- Download and install apps only from the official Play Store, and always check permissions for each app.
- Enable the ‘verify apps’ feature from settings.
- Protect your devices with a PIN or password lock so that nobody can gain unauthorized access to your device when it remains unattended.
- Keep “unknown sources” disabled while not using it.
- Keep your device always up-to-date with the latest security patches.
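The fallback Google describes above relies on SMS and outgoing-call permissions, and the steps above say to check each app's permissions and install source. As an added example (not from the original article or from Google), this Python script flags apps that were not installed by the Play Store and request both permission groups; the sample is constructed in the shape of `adb shell dumpsys package` output, and the package names and the exact permission set checked are assumptions.

```python
import re

# Permissions behind the quoted fallback: SMS read/send, outgoing-call control.
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.SEND_SMS",
             "android.permission.RECEIVE_SMS"}
CALL_PERMS = {"android.permission.PROCESS_OUTGOING_CALLS"}
PLAY_STORE = "com.android.vending"

# Constructed, abbreviated sample in the shape of `adb shell dumpsys package`.
SAMPLE = """\
  Package [com.example.notes] (1a2b3c):
    installerPackageName=com.android.vending
    requested permissions:
      android.permission.INTERNET
  Package [com.example.fitness] (4d5e6f):
    installerPackageName=null
    requested permissions:
      android.permission.READ_SMS
      android.permission.SEND_SMS
      android.permission.PROCESS_OUTGOING_CALLS
    install permissions:
      android.permission.INTERNET: granted=true
"""

def parse_packages(dump):
    """Return {package: {"installer": str, "requested": set of permissions}}."""
    pkgs, cur, in_req = {}, None, False
    for s in map(str.strip, dump.splitlines()):
        m = re.match(r"Package \[([^\]]+)\]", s)
        if m:  # a missing installer line is treated like "null" (not from Play)
            cur = pkgs.setdefault(m.group(1), {"installer": "null", "requested": set()})
            in_req = False
        elif cur is None or not s:
            continue
        elif s.startswith("installerPackageName="):
            cur["installer"] = s.split("=", 1)[1]
        elif s.endswith(":"):
            in_req = s == "requested permissions:"  # any other header ends the section
        elif in_req:
            cur["requested"].add(s.split(":")[0])  # drop any ": ..." suffix after the name
    return pkgs

def flag_suspicious(pkgs):
    """Apps not installed by the Play Store that request SMS and outgoing-call control."""
    return [(name, sorted(info["requested"] & (SMS_PERMS | CALL_PERMS)))
            for name, info in sorted(pkgs.items())
            if info["installer"] != PLAY_STORE
            and info["requested"] & SMS_PERMS and info["requested"] & CALL_PERMS]

if __name__ == "__main__":
    for name, perms in flag_suspicious(parse_packages(SAMPLE)):
        print(name, "->", ", ".join(perms))
```

A hit is a triage lead rather than a verdict, since legitimate dialer and messaging apps request the same permissions.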