Google Play Protect is well known for its new AI-powered malware detection mechanism. The Google Play Protect service recently detected an Android spyware dubbed “Tizi.”
Targeting devices in African countries, Tizi comes with fully featured Android rooting and data collection capabilities. It creates a backdoor on the affected device and sends sensitive information related to social media and other applications to its command and control server. The malware is believed to have been present in applications since October 2015.
Here is How Tizi Works
According to Google’s online security blog post, Tizi gains root access by exploiting the following vulnerabilities.
Although all of these vulnerabilities were patched by the update released in the first quarter of 2016, Tizi will still attempt to obtain permissions from the user so that the app can record audio, access SMS and use the camera. You can call it stubborn spyware: once it is on a device, it will do what it is meant to do. Tizi mainly focuses on users' social media data and other related data that can be misused.
Once it gains root access to the device, it connects to its command and control server and transfers the data it has collected from the device.
Here is what Google said: “If a Tizi app is unable to take control of a device because the vulnerabilities it tries to use are all patched, it will still attempt to perform some actions through the high level of permissions it asks the user to grant to it, mainly around reading and sending SMS messages and monitoring, redirecting, and preventing outgoing phone calls.”
Here is How to be Secure
- Always keep your phone updated.
- Check the permissions and nature of an app before installing it.
- Make sure you have enabled Google Play Protect.
- Keep “unknown services” disabled.
- Use a good screen lock password; it is always a plus.
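One way to act on the permission check above, as an added example that is not from the original article or Google's report: the script parses the text printed by `aapt dump permissions <apk>` and flags an app that requests several of the capabilities the article describes. The mapping to Android permission names, the threshold of three, and both sample outputs are assumptions constructed for illustration.

```python
import re

# Assumption: this mapping from behaviours named in the article to Android
# permission names is the editor's own, not taken from Google's report.
RISKY = {
    "android.permission.READ_SMS": "read SMS messages",
    "android.permission.SEND_SMS": "send SMS messages",
    "android.permission.PROCESS_OUTGOING_CALLS": "monitor, redirect or block outgoing calls",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.CAMERA": "use the camera",
}

# Accepts `uses-permission: name='X'`, the older `uses-permission: X`,
# and the `uses-permission-sdk-NN:` variant; trailing attributes are ignored.
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([A-Za-z0-9_.]+)'?")

def requested_permissions(aapt_output):
    """Return the set of permission names found in aapt's text output."""
    perms = set()
    for line in aapt_output.splitlines():
        match = PERM_RE.match(line.strip())
        if match:
            perms.add(match.group(1))
    return perms

def audit(aapt_output, threshold=3):
    """Flag an app requesting `threshold` or more risky permissions (hypothetical cut-off)."""
    hits = sorted(requested_permissions(aapt_output) & set(RISKY))
    return {"flagged": len(hits) >= threshold,
            "hits": hits,
            "reasons": [RISKY[p] for p in hits]}

# Constructed sample outputs (not from any real app).
SAMPLE_SUSPICIOUS = """\
package: com.example.fitnesstips
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.PROCESS_OUTGOING_CALLS'
uses-permission: name='android.permission.RECORD_AUDIO'
"""
SAMPLE_BENIGN = """\
package: com.example.notes
uses-permission: android.permission.INTERNET
uses-permission: android.permission.CAMERA
"""

if __name__ == "__main__":
    for name, sample in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, audit(sample))
```

A flag here is only a prompt to look closer at whether the app's stated purpose justifies what it asks for; legitimate messaging or dialer apps request the same permissions.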
source: Google Security Blog