Skip to main content

WARNING: Android Spyware Detected Which Spies on Skype, Whatsapp Calls

In order to protect Android users from malware and suspicious apps, Google has been continuously working to detect and remove malicious apps from your devices using its newly launched Google Play Protect service.
Google Play Protect-- a security feature that uses machine learning and app usage analysis to check devices for possibly harmful apps-- recently helped Google researchers to recognize a new deceptive family of Android spyware that was stealing a whole lot of information on users.
Found on targeted devices in African countries, Tizi is a fully-featured Android backdoor with rooting capabilities that installs spyware apps on victims' devices to steal supersensitive data from popular social media apps like WhatsApp, Twitter, Facebook, Linkedin, Skype, Viber, and Telegram.
" The Google Play Protect security team discovered this family in September 2017 when device scans found an app with rooting capabilities that exploited old vulnerabilities," Google said in a blog post. "The team used this app to locate more applications in the Tizi family, the oldest of which is from October 2015."
Most Tizi-infected apps are being advertised on social media websites and 3rd-party app stores, deceiving users into installing them.
Once installed, the innocent looking app acquires root access of the infected device to install spyware, which then first contacts its command-and-control servers by sending an SMS text message with the GPS coordinates of the infected device to a specific number.

Here is How Tizi Gets Root Access On Infected Devices:

For gaining root access, the backdoor exploits previously disclosed vulnerabilities in older chipsets, devices, and Android versions, including CVE-2012-4220, CVE-2013-2596, CVE-2013-2597, CVE-2013-2595, CVE-2013-2094, CVE-2013-6282, CVE-2015-1805, cve-2014-3153, and cve-2015-3636.
If the backdoor not able to get root access on the infected device due to all the listed vulnerabilities being patched, "it will still attempt to perform some actions through the high level of permissions it asks the user to grant to it, mainly around reading and sending SMS messages and monitoring, redirecting, and preventing outgoing phone calls," Google said.
Tizi spyware also been developed to communicate with its command-and-control servers over normal HTTPS or using MQTT messaging protocol to receive commands from the attackers and uploading stolen data.
The Tizi backdoor contains various abilities common to commercial spyware, such as

  • Stealing data from popular social media platforms including Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram.
  • Recording calls from WhatsApp, Viber, and Skype.
  • Receiving and sending SMS messages.
  • Gain access to calendar events, call log, contacts, images, and list of installed apps
  • Stealing Wi-Fi encryption keys.
  • Recording ambient audio and taking pictures without displaying the image on the device's screen.

Far Google has identified 1,300 Android devices infected by Tizi and removed it.
Majority of which were located in African countries, specifically Kenya, Nigeria, and Tanzania.

How to Protect your Android device from Hackers?

Such Android spyware can be used to target your devices as well, so you if own an Android device, you are strongly encouraged to follow these simple steps in order to secure yourself:

  • Ensure that you have already opted for Google Play Protect.
  • Download and install apps only from the official Play Store, and always check permissions for each app.
  • Enable 'verify apps' feature from settings.
  • When remains unattended, protect your devices with pin or password lock so that nobody can gain unauthorized access to your device.
  • Keep "unknown sources" disabled while not using it.
  • Keep your device always up-to-date with the latest security patches.

Comments

Popular posts from this blog

Introduction to Data Science: What is Big Data?

What Is Big Data First, we will discuss how big data is evaluated step by step process. Evolution of Data How the data evolved and how the big data came. Nowadays the data have been evaluated from different sources like the evolution of technology, IoT(Internet of Things), Social media like Facebook, Instagram, Twitter, YouTube, many other sources the data has been created day by day. 1. Evolution of  Technology We will see how technology is evolved as we see from the below image at the earlier stages we have the landline phone but now we have smartphones of Android, IoS, and HongMeng Os (Huawei)  that are making our life smarter as well as our phone smarter. Apart from that, we have heavily built a desktop for processing of Mb's data that we were using a floppy you will remember how much data it can be stored after that hard disk has been introduced which can stored data in Tb. Now due to modern technology, we can be stored data in the cloud as well. Similarly, nowadays we noticed …

How Big Data Analytics Can Help You Improve And Grow Your Business?

Big Data Analytics There are certain problems that can only solve through big data. Here we discuss the field big data as "Big Data Analytics". The big data came into the picture we never thought how commodity hardware is used to store and manage the data which is reliable and feasible as compared to the costly sources. Now let us discuss a few examples of how big data analytics is useful nowadays. When you go to websites like Amazon, Youtube, Netflix, and any other websites actually they will provide some field in which recommend some product, videos, movies, and some songs for you. What do you think about how they do it? Basically what kind of data they generated on these kind websites. They make sure to analyze properly. The data generated is not small it is actually big data. Now they analysis these big data they make sure whatever you like and whatever you are the preferences accordingly they generate recommendations for you. If you go to Youtube you have noticed it kn…

AI Vs Machine Learning Vs Deep Learning

AI Vs Machine Learning Vs Deep Learning Artificial intelligence, deep learning and machine learning are often confused with each other. These terms are used interchangeably but do they do not refer to the same thing. These terms are closely related to each other which makes it difficult for beginners to spot differences among them. The reason I think of this puzzle is that AI is classified in many ways. It is divided into subfields with respect to the tasks AI is used for such as computer vision, natural language processing, forecasting and prediction, with respect to the type of approach used for learning and the type of data used. Subfields of Artificial Intelligence have much in common which makes it difficult for beginners to clearly differentiate among these areas. Different approaches of AI can process similar data to perform similar tasks. For example Deep learning and SVM both could be used for object detection task. Both have pros and cons. In some cases Machine Learning is …