We’ve reported in the past on the things Google does to keep Android smartphones and tablets safe from malware — for example, the Play Store detects Potentially Harmful Applications (PHAs) using a combination of algorithms and human screening. But sometimes new malware slips through the cracks. Case in point? Tizi, a spyware program that targets a small number of devices in specific geographic areas.
Tizi is part of a larger family of malware discovered by the Google Play Protect security team in September, when device scans flagged an app with rooting capabilities that exploited old vulnerabilities. After conducting an investigation this year, the team found more applications in the Tizi family, the oldest of which dated back to October 2015.
Tizi was used in targeted attacks against 1,300 devices in a number of African countries, particularly Kenya, Nigeria, and Tanzania. The malware works by stealing sensitive data from popular social media apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram. Early versions had no rooting capabilities and didn’t obfuscate their code, but Tizi gained both features over time.
That’s not the scariest part. The newest version of Tizi executes several info-stealing processes common to commercial spyware, including recording calls in WhatsApp, Viber, and Skype; sending and receiving SMS messages; and accessing calendar events, call logs, contacts, photos, Wi-Fi encryption keys, and a list of all installed apps. Tizi’s developer went as far as to create a website and used social media to drive app installs from Google Play and third-party websites.
But Tizi shouldn’t be a threat much longer. With Google’s investigation now concluded, the search giant updated its on-device security services as well as the server-based systems that search for PHAs. The changes will help discover this kind of malware in the future, Google says.
For a technical breakdown of Tizi and a five-step checklist about how to reduce your chance of being affected by it, follow the source link.
Source: Google Security Blog