A backdoor known as Tizi has been detected by Google Play Protect that installs spyware onto Android devices in an attempt to steal data from popular social media applications.
The Google Play Protect security team first discovered this family in September 2017 when they detected an application with root abilities. After that, they found many other applications in the Tizi family with same malicious behaviour.
According to Google:
The team used this app to find more applications in the Tizi family, the oldest of which is from October 2015. The Tizi app developer also created a website and used social media to encourage more app installs from Google Play and third-party websites.
Once the backdoor installed, the fake app gains root access of the infected device to install spyware, then send an SMS message with the GPS location of the infected device to a particular number.
The Tizi backdoor contains many abilities such as recording voice calls from WhatsApp, Skype, and Viber; sending and receiving SMS text messages; and obtaining calendar events, call logs, contacts, photos, Wi-Fi passwords, and a list of all installed applications. The backdoor can also record ambient audio and take pictures without displaying the image on the device’s screen.
We recommend these 4 basic steps:
– Check permissions.
– Enable a secure lock screen.
– Update your device.
– Ensure Google Play Protect is enabled.