14 DAY TRIAL // Google discovered a new form of malware injected into a series of apps published on the Google Play Store and capable of stealing sensitive data from compromised devices.
The search firm says it first detected the Tizi backdoor in September 2017 when Google Play Protect discovered an application with rooting capabilities on an Android device downloading an app from the Play store. Google Play Protect is the company’s own security solution for apps published in the store, and it automatically scans every download to make sure no malware is injected.
After a thorough inspection aimed at apps from the same developer, Google discovered that the malware writer was also using a website and social media to link to other downloads from Google Play also deploying the payload on devices.
Google explains the malware primarily targeted Android users in Africa and was capable of recording calls from instant messaging apps like WhatsApp and Skype, send and receive SMS messages, get access to call, logs, and photos, record ambient audio and take pictures with the camera without letting the user know.
Up-to-date devices completely secure
On the good side, Tizi is exploiting vulnerabilities in Android that were patched in April 2016, so in case you’re using a device that’s fully up-to-date, you’re completely secure. Of course, this raises concerns among users whose developers release updates for their devices at a slower pace, as it’s the case of cheap Chinese devices that barely get security patches after launch.
“Devices with this patch level or later are far less exposed to Tizi's capabilities. If a Tizi app is unable to take control of a device because the vulnerabilities it tries to use are all patched, it will still attempt to perform some actions through the high level of permissions it asks the user to grant to it, mainly around reading and sending SMS messages and monitoring, redirecting, and preventing outgoing phone calls,” Google says.
Google used the Play Store to remove the infected apps from a total of 1,300 compromised devices, and the company recommends users to check permissions for each installed app, secure the lock screen, update devices, and enable Google Play Protect.
