Tizi Android virus (Simple Removal Guide) - Tutorial
What is Tizi Android virus?
Tizi spyware targets Android OS users
Tizi Android virus is spyware designed to track information from social media apps, record calls and audio, take pictures with the affected Android device, read and send SMS messages, get full access to the smartphone or tablet, send its GPS location and perform many other dangerous activities.
Google detected this version of the Android virus in September 2017.[1] However, further analysis of the threat revealed that it might have been active since 2015. According to the latest data, about 1,300 Android devices were infected with this spyware.
Google Play Protect[2] and Google Threat Analysis Group detected that malicious apps were available on Google Play Store and several third-party app download websites. Authors of the Tizi malware also created a fake site that promoted bogus programs and spread the link via social networks.
Tizi virus mostly targets users in African countries, including Kenya, Nigeria and Tanzania. However, several attacks were recorded in the United States and in other countries in Europe and Asia. This Android backdoor can root the device and install spyware on it.
Malware is designed to track information from social media apps, such as:
- Facebook,
- Twitter,
- WhatsApp,
- Viber,
- Skype,
- Linkedin,
- Telegram.
After the attack, Tizi Android malware gets full access to the device and might steal information from the social media apps mentioned above, record calls and execute any other commands received from the Command and Control server.
Thus, if you suspect that your smartphone or tablet might be infected with spyware, you should run a full system scan with FortectIntego in order to remove Tizi malware. However, removal might not be that easy. This Android virus might make system modifications and prevent you from using security software.
In this case, you might need to reboot into Safe Mode or even perform a factory reset first. These methods should disable the virus and allow automatic Tizi removal.
Tizi malware gets root access to the device by exploiting system vulnerabilities
The malware targeted Android users running old or outdated versions of the mobile OS. In order to get root access, it exploits these vulnerabilities:
- CVE-2012-4220,
- CVE-2013-2596,
- CVE-2013-2597,
- CVE-2013-2595,
- CVE-2013-2094,
- CVE-2013-6282,
- CVE-2014-3153,
- CVE-2015-3636,
- CVE-2015-1805.
However, this doesn’t mean that users of the latest Android OS are safe from the attack. If the malware cannot get root access automatically, it asks for permission directly. The majority of users do not read what permissions an installed app asks for. Thus, without giving it much thought, people give the malicious app what it wants.
On the affected device, the Tizi virus establishes a connection to the Command and Control (C&C) server. It uses either HTTPS or the MQTT messaging protocol to communicate with the developers and carry out their commands.
Tizi is an Android spyware that mostly tries to steal personal information from users in Africa.
Distribution methods of the mobile spyware
The Tizi malware was included in a number of malicious apps. Some of them were available on the official Google Play Store, while others were available on third-party app stores.
Currently, three package names that included Tizi are known:
- com.press.nasa.com.tanofresh
- com.dailyworkout.tizi
- com.system.update.systemupdate
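A defensive check built on the package names listed above, added here as an example and not part of the original article: it compares `adb shell pm list packages` output against the three names and counts how many spyware-style permissions appear in an app's `adb shell dumpsys package <name>` output. The permission set is an assumption chosen to mirror the capabilities this page describes, and the sample input is constructed so the script runs without a device.

```shell
#!/bin/sh
# Added example (not from the original article). On a real device the
# inputs come from:
#   adb shell pm list packages
#   adb shell dumpsys package <name>

# The three package names this page reports as carrying Tizi.
TIZI_PACKAGES='com.press.nasa.com.tanofresh
com.dailyworkout.tizi
com.system.update.systemupdate'

# Assumption: permissions matching the capabilities this page describes
# (audio recording, camera, SMS read/send, GPS location).
SPY_PERMS='RECORD_AUDIO CAMERA READ_SMS SEND_SMS ACCESS_FINE_LOCATION'

# stdin: `pm list packages` output. Prints exact matches, one per line.
find_tizi_packages() {
    tr -d '\r' | sed 's/^package://' | grep -Fx "$TIZI_PACKAGES" || true
}

# stdin: `dumpsys package <name>` output. Prints how many of SPY_PERMS
# appear in it.
count_spy_perms() {
    dump=$(cat)
    n=0
    for p in $SPY_PERMS; do
        if printf '%s\n' "$dump" | grep -qFw "android.permission.$p"; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample input, so the script runs without a device.
SAMPLE_PM_LIST='package:com.android.chrome
package:com.dailyworkout.tizi
package:com.example.systemupdate.helper'

SAMPLE_DUMPSYS='Package [com.dailyworkout.tizi] (constructed sample)
  requested permissions:
    android.permission.INTERNET
    android.permission.RECORD_AUDIO
    android.permission.READ_SMS
    android.permission.SEND_SMS
    android.permission.ACCESS_FINE_LOCATION'

echo "Known Tizi packages found:"
printf '%s\n' "$SAMPLE_PM_LIST" | find_tizi_packages
echo "Spyware-style permissions requested:"
printf '%s\n' "$SAMPLE_DUMPSYS" | count_spy_perms
```

A package-name match is a strong indicator; a high permission count alone is only a reason to look closer, since legitimate messaging apps request similar permissions.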
In order to avoid Tizi hijack or infiltration of another Android virus, mobile security experts from zondervirus.nl[3] recommend following these tips:
- Check app permissions before installing them;
- Install app and software updates;
- Enable Google Play Protect;
- Enable a secure lock screen;
- Avoid downloading apps from suspicious third-party stores.
Even though malicious apps might get into the Google Play store, the chances of downloading spyware or malware from third-party stores are higher. Thus, you should stick to the official Android app store.
Removal of the Tizi Android malware
If you suspect that your smartphone or tablet was infected with this Android spyware, you have to run a system scan with a mobile antivirus and perform automatic Tizi removal. However, the malware might block the removal software’s activity. In this case, you have to boot the device into Safe Mode.
Sometimes, booting into Safe Mode is also impossible. Then, users have to perform a factory reset in order to remove Tizi Android virus from the system. Keep in mind that resetting the device to factory settings alone is not enough. Scanning the system with FortectIntego or another anti-malware tool is needed to wipe out spyware from your device.
- [1] Anthony Desnos, Megan Ruthven, Richard Neal, Clement Lecigne. Tizi: Detecting and blocking socially engineered spyware on Android. Google Security Blog.
- [2] Mohit Kumar. Google Adds New Behavior-Based Malware Scanner To Every Android Device. The Hacker News.
- [3] Zondervirus. Zondervirus. Cyber security news.