android malware

With the announcement of Android 8 Oreo, Google also launched Play Protect, a program that periodically checks the software on your phone and the apps in the Play Store, looking for evil-doing malware. Recently, Google found a family of spyware apps that sound really, really scary.

The apps were all carriers of the Tizi backdoor, a piece of malware that has been around since 2015. Through exploits in the Android operating system, Tizi was able to gain root access to the device and snoop on the user’s pictures, phone log, and chat logs for popular apps, such as Facebook, WhatsApp, Viber, and even the encrypted messaging service Telegram! Additionally, it could send out an SMS message with the device’s GPS coordinates, take photos with the phone’s camera and even record audio with its microphones.

Yeah, that sounds scary. The good news is that the exploits Tizi was using were patched long ago, with the April 2016 Android security patch. The bad news is that, as we know, there are millions of older Android phones out there that just don’t get updates.

According to Google’s data, Tizi apps were mostly downloaded by users in Kenya. A very small percentage of US users also got them. After discovering the exploit, Google deleted the apps, suspended the developers’ accounts, and sent a warning message to all devices that were presumed infected. Google Play Protect has also been updated to more effectively detect Tizi-based malware.

tizi

According to Google’s data, the Tizi apps had the most downloads in Kenya; a very small percentage relates to the US and the rest of the world. After discovering the exploit, Google deleted the apps, suspended the developers’ accounts, and sent a warning message to all devices that were considered infected. Google Play Protect has also been updated to detect Tizi-based malware more effectively.
