OMG! Google Detects New Android Malware That Can Spy On Users
OMG! Google Detects New Android Malware That Can Spy On Users
Android has continually been plagued with harmful spyware apps and the newest backdoor that has been discovered by Google’s security team is “Tizi”. Tizi was found to target user devices in specific African countries but Tizi-infected apps have now been removed or blocked from the Play Store.
Recently, the security team of the tech giant Google has discovered a new variety of malware for the well-known and most widely used Android operating system. This malware has been used mainly for the users from African countries, but the rest of the world is not exempt.
The security team of Google has discovered a new variety of malware for Android, called Tizi. It has been used mainly for users from African countries, but the rest of the world is not exempt. Categorized as spyware, Google indicates that Tizi can carry out a wide range of operations. But most focus on the applications and activities of social networks. Just what most users use in their mobile devices.
According to the tech giant Google’s Threat Analysis Group and the securityengineers of Google Play Protect, Tizi can be used for the following malicious purposes:-
It can steal data from popular social networking applications such as Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn and Telegram.
- It can record calls from WhatsApp, Viber and Skype.
- Record environmental audio through the microphone.
- It can take pictures of the screen without alerting the user.
- Send and intercept SMS messages on infected devices.
- It can access contacts, calendar events, call logs, photos, Wi-Fi encryption keys and a list of all locally installed applications.
- When it first infects users, it sends the GPS coordinates of the device via SMS to a server.
- Subsequent communications with the C & C server of the attacker are made through HTTPS or, in some isolated cases, through MQTT.
The tech giant Google’s engineers say they detected the Tizi spyware in September 2017. Automatic scans with Google Play Protect (an Android application security scanner built into the Google Play Store application) discovered an application infected with Tizi that was installed on the device of the user through the official Google Play store.
After researching previous versions of apps loaded on the Play Store, they detected more applications infected with Tizi that date from October 2015.
The tech giant Google says that it suspended the application’s developer account and then used the Google Play Store application to uninstall Tizi’s applications from the infected devices
According to the data collected by Google, the majority of infected users were in African countries. Although it is not clear if the author or distributor of Tizi is also on this continent.
In addition, there was no substantial effort to trick users into installing mass applications. And security researchers believe that spyware was probably used in attacks targeting a small, but well-chosen, number of targets.
Google Discovers New Android Spyware Called Tizi: Here’s What You Need To Know
How to protect yourself?
In addition, Google also recommends the following five steps to keep Android devices safe from malware:-
- Verify permissions: you have to be careful with applications that request irrational permissions. For example, a flashlight application should not need access to send messages.
- Enable a secure lock screen: choose a PIN, pattern or password that is easy to remember and hard to guess for others.
- Update the device: keep the device updated with the latest security patches.
- Location of the device: use the option to find the device. It is much more likely that we lose our mobile than installing a PHA.
- Google Play Protect: make sure Google Play Protect is enabled.
In its official security blog post, Google describes that Tizi is a fully-featured backdoor with root access which installs spyware on your Android device to steal sensitive social media and activity data. The spyware was said to be exploiting older vulnerabilities and has existed in the Play Store since October 2015. Google was, however only able to link the complete Tizi family of spyware-laden apps, which spread to most parts of the world, just recently.
The working of Tizi is no different from other spyware apps, the only difference being that it targets specific apps on your Android device. Once Tizi gains root access to your device, it starts stealing sensitive personal data from your social media channels such as Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and even the ultra-secure Telegram. The spyware also forwards your GPS coordinates to its command and control servers via a message.
While all this already sounds pretty scary, Tizi is also known to be capable of recording WhatsApp calls, the ambient audio from the microphone and even take pictures from the camera app without the same showing up on the screen of your Android device. This is an exploitation of your privacy, but Google has already boosted their on-device security services for such phishing attacks.
If you’ve been wondering what steps you should take to prevent an unwanted intrusion into your social life, then the first step requires you to use an updated Android device. The Tizi malware exploits old vulnerabilities, which have long been fixed, so you should also be stringent in doling out permission to installed apps. You should enable Google Play Protect to make sure you’re installing only Google-verified apps. It would be a wise decision to not install apps from unknown sources, so turn off that setting as well.
With the Tizi spyware family being under Google security team’s radar, it is unlikely for you to install any random affected app. But, we will still suggest you keep an eye out for phishy apps that want too many permissions (of which many are unwanted) to keep your Android device free of the Tizi spyware.
So, what do you think about this? Simply share your views and thoughts in the comment section below.
No comments: