Google’s security feature, Google Play Protect, seems to be doing its job perfectly. It uses machine learning and app usage analysis to check whether a device contains any potentially harmful apps. Recently, Google Play Protect helped Google researchers spot a new, elusive family of Android spyware that steals information from the user’s device. The spyware infected targeted devices in African countries, specifically in Kenya, Nigeria, and Tanzania.
The notorious spyware, dubbed Tizi, is a fully featured Android backdoor. Tizi has rooting capabilities that it uses to install spyware, which steals sensitive data from popular social media applications. Once installed, this innocent-looking app gains root access on the infected device to install the spyware. The spyware then contacts its command-and-control servers and sends an SMS text message with the Global Positioning System (GPS) coordinates of the infected device to specific numbers.
Tizi can exploit a number of previously disclosed vulnerabilities in older devices and Android versions. The vulnerabilities are: CVE-2012-4220, CVE-2013-2596, CVE-2013-2597, CVE-2013-2595, CVE-2013-2094, CVE-2013-6282, CVE-2014-3153, CVE-2015-3636 and CVE-2015-1805.
The spyware is designed so that even if the backdoor fails to gain root access on the infected device because all the listed vulnerabilities are patched, Tizi still attempts to perform some of its actions by asking the user to grant permissions for several tasks.
So, the next time your innocent phone pops up a permission window, think twice before you allow it. It might be Tizi.