Research

Tizi: Google detects spy app stealing info from social media, phones

Tizi: Google detects spy app stealing info from social media, phones

The security team of Google has discovered a brand new type of Android malware. The individual who allegedly developed Tizi created a website and social media accounts to trick users into installing it from Google Play and third-party websites. During this process, they found even more Tizi-infected apps, some of them going as far back as October 2015. They found a trojanized app called "MyTizi" installed on a user's device via the official Google Play Store that could root devices by exploiting older vulnerabilities.

To record calls on Skype, WhatsApp and Viber.

Sending and intercepting SMS messages on the infected gadgets. It could record calls from WhatsApp, Viber, and Skype, send and receive SMS messages, and access calendar events, call log, contacts, photos, Wi-Fi encryption keys. Additionally, it could send out an SMS message with the device's Global Positioning System coordinates, take photos with the phone's camera and even record audio with its microphones.

So, an app that bills itself as a photo editor, VPN, or file explorer can not also cram a new lock screen on your device that's infested with ads.

Subsequent communications with the attacker's C&C server takes place via HTTPS, or in some isolated cases, via MQTT. First, it allows users to see data usage on an hourly, daily, weekly or monthly basis and get personalised recommendations for how they can save more.

More news: Which Buccaneers QB will Packers face on Sunday?

"Most of these vulnerabilities target older chipsets, devices, and Android versions".

In the updated policy text, Google says specifically that apps "may not introduce ads or features that monetize the locked display of a device".

How to protect your Android device from spyware? The company has updated its developer monetization page to clearly highlight that unless the exclusive goal of an app is that of a lockscreen, "apps may not introduce ads of features that monetize the locked display of a device".

The good news is that Google fixed the vulnerabilities in devices which could have been affected by Tizi with new software codes after April 2016.

It is suggested to follow the below mentioned steps to keep your Android device safe from spyware. To be clear, Google isn't banning lock screen ads entirely. So, unless you're making a lockscreen app, you can only display ads within your app.