Google Play Users MUST Update Android Devices to Avoid Tizi Spyware

Android users, listen up! There is a new family of malware on the rise, and outdated Android devices are at risk of being corrupted by dangerous threats. As discussed in the 2018 threats report, it is crucial to keep an eye out for malware that disguises as normal apps on the Google Play store. In the recent past, Android users were dealing with the Sockbot Trojan that was represented via 8 different apps found on the reputable app store. Unfortunately, as soon as one threat is taken down, it seems that a new one emerges right away. Now is the turn for the vicious Tizi spyware that was found to have infected at least 13,000 Android devices already. Without a doubt, this is a beast that must be tamed ASAP.



Where Does Tizi Come From and How Does it Look?

Although we are just learning about Tizi malware, the oldest version of this threat dates back to October 2015. This information has been recently made public by Anthony Desnos, Megan Ruthven, and Richard Neal, who are security engineers at the Google Security Blog. According to the report, Tizi is a backdoor infection that is capable of installing spyware. The creator of this threat can use it to steal sensitive information available on the social-media apps that are available on the corrupted device. The threat is capable of rooting itself into the device to avoid detection and removal, and it exploits one of nine vulnerabilities to initiate malicious activity. These vulnerabilities include:

  • CVE-2012-4220
  • CVE-2013-2094
  • CVE-2013-2595
  • CVE-2013-2596
  • CVE-2013-2597
  • CVE-2013-6282
  • CVE-2014-3153
  • CVE-2015-1805
  • CVE-2015-3636

It was discovered that the mastermind behind Tizi malware used social-engineering tools to push unsuspecting users into downloading apps hosting the threat. To trick users into installing malware, the developer had to come up with a way to represent it in a clandestine and alluring manner. According to the ZDNet researcher Liam Tung, an app called “MyTizi” was created. It was introduced to Android users as a workout app, which was meant to attract users interested in tracking their daily physical activity. An unknown number of other apps have been set up for the same purpose. Since then, of course, they have been removed from Google Play by the Google Play Protect team. Unfortunately, before the discovery was made, and before security engineers managed to recognize different apps as part of one big family, 13,000 devices were corrupted in Kenya, Nigeria, Tanzania, and USA. As you can see in the diagram created by the Google Security Blog engineers, Kenyan Android users were hit most often.


Security Threats Linked to Tizi Spyware

Tizi is not just another potentially unwanted program that offers nothing useful. On the contrary, if this threat has managed to slither into your Android device, your virtual security is at great risk. First and foremost, it can steal sensitive information from various social-networking apps, including Facebook, WhatsApp, Skype, and Twitter. The spyware components of the infection can silently record calls, read the data on your device (e.g., contacts), as well as read, send, and receive SMS without your notice. This malware can also record audio and video by hijacking your microphone and camera. When it does that, it can also silently take pictures. Although it is not clear what exactly the attackers behind Tizi would do with the content they record, undoubtedly, you do not want someone spying on you and tracking every move you make. Also, there is a risk that the information stolen from your device could be used to steal your virtual identity and impersonate you online, or even hijack your virtual accounts.

How to Stop Tizi Malware

The list of vulnerabilities Tizi exploits are listed above, and engineers at the Google Security Blog inform that all of them have been patched with an Android security update released in April 2016. That means that if your device has not been updated since then, you are at greater risk of letting in the malicious spyware. Newer versions of this threat might not be included in this update, but the Google Play Protect team is working hard to disable all of them. Speaking of Google Play Protect, if you want the apps you choose to install to be analyzed before the installation is completed, you must enable it. As always, we also have to remind you that using one simple password for all of your accounts is a bad idea. If Tizi manages to retrieve the password from one account, it then can hijack all of them. To make your virtual accounts stronger, create strong unique passwords for all of them. Also, you need to be cautious about the apps you install. Check the reviews, and always search for information that could help you confirm whether or not the app is legit and trustworthy. When downloading apps, stick to Google Play, but remember that malicious apps could be represented via this app store as well.


Desnos A., Neal R., and Ruthven M. November 27, 2017. Tizi: Detecting and blocking socially engineered spyware on Android. Google Security Blog.

Tung, L. November 28, 2017. Google torches this nasty Tizi Android spyware it found on Play Store. ZDNet.