In a bid to assure users that it is serious about tackling the menace of spy apps on its Android platform, Google disclosed that it has detected an app called ‘Tizi’, which had been illegally snooping on users’ social media and phone data such as call records, and stealthily taking pictures without the users’ knowledge.
In its blog, Google explained, “Tizi is a fully featured backdoor that installs spyware to steal sensitive data from popular social media applications.” The Google Play Protect security team discovered this backdoor family in September 2017 when it was found exploiting old vulnerabilities. This led the team to more Tizi-like apps, one of which dated back to October 2015. The app was used in a targeted attack against devices in African countries, specifically Kenya, Nigeria, and Tanzania.
Google has now disabled Tizi-infected apps on affected devices. It has also notified users of all known affected devices, while the developers’ accounts have been suspended from the Play Store. The security team has further used the information and signals from the malicious app to update Google’s on-device security services and the systems that search for potentially harmful applications.
What makes the app’s existence even more dangerous is that the early Tizi variants didn’t have rooting capabilities or obfuscation, but later variants did, making the device more vulnerable than before. As Google explains, “After gaining root, Tizi steals sensitive data from popular social media apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram.”
The backdoor has capabilities which are similar to commercial spyware, such as recording calls from WhatsApp, Viber, and Skype; sending and receiving SMS messages; and accessing calendar events, call log, contacts, photos, Wi-Fi encryption keys, and a list of all installed apps. Tizi apps can also record ambient audio and take pictures without displaying the image on the device’s screen.
Meanwhile, a Microsoft spokesperson is quoted in a PTI report as saying, “The vulnerabilities referenced relate to Android and Linux. As the blog suggests, we advise customers who use Skype on these platforms to ensure their systems are up to date. Windows users are not affected.”
Google also advises users to take precautionary steps to avoid potential attacks. So far, the company has identified around 1,300 devices affected by Tizi. Although the attack has not been identified as impacting users in India, you could take steps such as checking for specific app permissions, enabling a secure lock screen, keeping the device up to date, enabling Google Play Protect, and practicing finding your device; the last step matters because one is far more likely to lose their device than to install a potentially harmful application (PHA).