Google Removes ‘Tizi’ App: Google claims that it has detected an app named ‘Tizi’ which is stealing the data from users who install it. The app Tizi is a fully featured backdoor that installs spyware to steal sensitive data from popular social media applications, as far as google claims. The Google Play Protect security team discovered this family in September 2017 when device scans found an app with rooting capabilities that exploited old vulnerabilities.
The company has removed the app from Play Store, notified all known affected devices and suspended the account of the app developer, the post dated November 27 said. The post said that earlier variant of Tizi did not have rooting capabilities but it developed later on and thereafter started stealing sensitive information from devices. It also claims that the app also steals pictures without even displaying to user.
Google Removes ‘Tizi’ App from Playstore:
Google posted in it’s blog that, Tizi steals sensitive data from popular social media apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram. It usually first contacts its command-and-control servers by sending an SMS with the device’s GPS coordinates to a specific number.
It further added, The backdoor contains various capabilities common to commercial spyware, such as recording calls from WhatsApp, Viber, and Skype; sending and receiving SMS messages; and accessing calendar events, call log, contacts, photos, Wi-Fi encryption keys, and a list of all installed apps. Tizi apps can also record ambient audio and take pictures without displaying the image on the device’s screen.
With the picture posted on its blog post, the main country which was hit by this app is Kenya. Tizi, a backdoor family with some rooting capabilities that was used in a targeted attack against devices in African countries, specifically: Kenya, Nigeria, and Tanzania. We’ll talk about how the Google Play Protect and Threat Analysis teams worked together to detect and investigate Tizi-infected apps and remove and block them from Android devices.