Tizi spyware targets Android OS users
Tizi is Android spyware designed to track information from social media apps, record calls or audio, take pictures with an affected Android device, read and send SMS messages, get full access to the smartphone or tablet, send the GPS location and perform many other dangerous activities.
This version of the Android virus was detected by Google in September 2017. However, further analysis of the threat revealed that it might have been active since 2015. According to the latest data, about 1,300 Android devices were infected with this spyware.
Google Play Protect and the Google Threat Analysis Group detected that the malicious apps were available on the Google Play Store and several third-party app download websites. The authors of the Tizi malware also created a fake site that promoted bogus programs and spread the link via social networks.
The Tizi virus mostly targets users in African countries, including Kenya, Nigeria and Tanzania. However, several attacks also took place in the United States and in some countries in Europe or Asia. This Android backdoor can root the device and install spyware on it.
The malware is designed to track information from social media apps, such as:
After the attack, the Tizi Android malware gets full access to the device and might steal information from the previously mentioned social media apps, record calls and execute any other commands received from the Command and Control server.
Thus, if you suspect that your smartphone or tablet might be infected with spyware, you should run a full system scan with Reimage in order to remove the Tizi malware. However, removal might not be that easy. This Android virus might make system modifications and prevent you from using security software.
In this case, you might need to reboot to Safe Mode or even perform a factory reset first. These methods should disable the virus and allow automatic Tizi removal.
Tizi malware gets root access to the device by exploiting system vulnerabilities
The malware targeted Android users running old or outdated versions of the mobile OS. In order to get root access, it exploits these vulnerabilities:
However, this doesn’t mean that users of the latest Android OS are safe from the attack. If the malware cannot get root access automatically, it asks for permission directly. The majority of users do not read what permissions the installed app asks for. Thus, without much thought, people give the malicious app what it wants.
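An added example (not part of the original article): a Python check that reads granted permissions per installed app and flags any app holding several of the capabilities this article attributes to Tizi. The package names and sample text are constructed, the sample is a simplified form of `adb shell dumpsys package` output, and the threshold of three is an assumption.

```python
import re

# Permissions matching the capabilities this article attributes to Tizi.
SPYWARE_CAPABILITIES = {
    "android.permission.RECORD_AUDIO": "record calls or audio",
    "android.permission.CAMERA": "take pictures",
    "android.permission.READ_SMS": "read SMS",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.ACCESS_FINE_LOCATION": "send GPS location",
}
THRESHOLD = 3  # assumption: flag apps holding 3+ of these at once

# Constructed, simplified sample in the layout of `adb shell dumpsys package`.
SAMPLE_DUMPSYS = """\
  Package [com.example.flashlight] (1a2b3c):
    runtime permissions:
      android.permission.CAMERA: granted=true
      android.permission.RECORD_AUDIO: granted=true
      android.permission.READ_SMS: granted=true
      android.permission.SEND_SMS: granted=false
      android.permission.ACCESS_FINE_LOCATION: granted=true
  Package [com.example.maps] (4d5e6f):
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true
      android.permission.CAMERA: granted=false
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
GRANT_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=true")

def granted_permissions(dumpsys_text):
    """Map each package name to the set of permissions marked granted=true."""
    packages, current = {}, None
    for line in dumpsys_text.splitlines():
        pkg, grant = PKG_RE.match(line), GRANT_RE.match(line)
        if pkg:
            current = packages.setdefault(pkg.group(1), set())
        elif grant and current is not None:
            current.add(grant.group(1))
    return packages

def flag_suspicious(dumpsys_text, threshold=THRESHOLD):
    """Return {package: [capabilities]} for apps at or above the threshold."""
    flagged = {}
    for name, perms in granted_permissions(dumpsys_text).items():
        hits = sorted(SPYWARE_CAPABILITIES[p] for p in perms if p in SPYWARE_CAPABILITIES)
        if len(hits) >= threshold:
            flagged[name] = hits
    return flagged
```

On a real device the input would be the saved output of `adb shell dumpsys package`; a flagged app is a candidate for manual review, not proof of infection.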
On the affected device, the Tizi virus establishes a connection to the Command and Control (C&C) server. It uses either the HTTPS or the MQTT messaging protocol to communicate with the developers and carry out their commands.
Distribution methods of the mobile spyware
The Tizi malware was included in a number of malicious apps. Some of them were available on the official Google Play Store, while others were available on third-party app stores.
Currently, three package names are known to have included Tizi:
In order to avoid a Tizi hijack or infiltration by another Android virus, mobile security experts from zondervirus.nl recommend following these tips:
- Check app permissions before installing them;
- Install app and software updates;
- Enable Google Play Protect;
- Enable a secure lock screen;
- Avoid downloading apps from suspicious third-party stores.
Even though malicious apps might get into the Google Play Store, the chances of downloading spyware or malware from third-party stores are higher. Thus, you should stick to the official Android app store.
Removal of the Tizi Android malware
If you suspect that your smartphone or tablet was infected with this Android spyware, you have to run a system scan with a mobile antivirus and perform automatic Tizi removal. However, the malware might block the removal software’s activity. In this case, you have to boot the device into Safe Mode.
Sometimes, booting to Safe Mode is also impossible. Then, users have to perform a factory reset in order to remove the Tizi Android virus from the system. Keep in mind that only resetting the mobile device to factory mode is not enough. Scanning the system with Reimage or another anti-malware tool is needed to wipe out the spyware from your device.