Tizi, social network spyware
According to the tech giant Google’s Threat Analysis Group and the security engineers of Google Play Protect, Tizi can be used for the following malicious purposes:- It can steal data from popular social networking applications such as Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn and Telegram.
It can record calls from WhatsApp, Viber and Skype. Record environmental audio through the microphone. It can take pictures of the screen without alerting the user. Send and intercept SMS messages on infected devices. It can access contacts, calendar events, call logs, photos, Wi-Fi encryption keys and a list of all locally installed applications. When it first infects users, it sends the GPS coordinates of the device via SMS to a server. Subsequent communications with the C & C server of the attacker are made through HTTPS or, in some isolated cases, through MQTT.
The tech giant Google’s engineers say they detected the Tizi spyware in September 2017. Automatic scans with Google Play Protect (an Android application security scanner built into the Google Play Store application) discovered an application infected with Tizi that was installed on the device of the user through the official Google Play store. After researching previous versions of apps loaded on the Play Store, they detected more applications infected with Tizi that date from October 2015. The tech giant Google says that it suspended the application’s developer account and then used the Google Play Store application to uninstall Tizi’s applications from the infected devices. According to the data collected by Google, the majority of infected users were in African countries. Although it is not clear if the author or distributor of Tizi is also on this continent. In addition, there was no substantial effort to trick users into installing mass applications. And security researchers believe that spyware was probably used in attacks targeting a small, but well-chosen, number of targets. The tech giant Google says that spyware capabilities are based on the use of old exploits. These only work on older outdated Android devices. “All vulnerabilities listed are fixed on devices with a security patch level of April 2016 or later, and most of them were patched considerably before this date”.
How to protect yourself?
In addition, Google also recommends the following five steps to keep Android devices safe from malware:-
Verify permissions: you have to be careful with applications that request irrational permissions. For example, a flashlight application should not need access to send messages. Enable a secure lock screen: choose a PIN, pattern or password that is easy to remember and hard to guess for others. Update the device: keep the device updated with the latest security patches. Location of the device: use the option to find the device. It is much more likely that we lose our mobile than installing a PHA. Google Play Protect: make sure Google Play Protect is enabled.
So, what do you think about this? Simply share your views and thoughts in the comment section below.