Malicious Spyware App on official Google Play Store Can Steal All your Data and Record Your Calls

Google security team has discovered a new strain of Android spyware named Tizi, which was found inside several apps previously available in Google Play Store.  

Tizi is a fully-featured Android backdoor that installs spyware apps on victims' devices to steal data from social media apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram.

Besides this, it can also record calls from WhatsApp, Viber, and Skype, as well as access calendar events, call log data, contacts, photos, Wi-Fi encryption keys, and a list of installed apps. It can record audio when the user is not actively using the phone and take pictures without even opening the camera app on the screen. According to the researchers, Tizi infected apps were in the market since 2015.

Google has suspended the app's developer account and then uninstalled the Tizi apps from infected devices but unfortunately, the damage done so far cannot be reverted. The company has identified 1,300 devices affected by Tizi.

Ankush Johar, director and partner at Infosec Ventures, says: "Recently, the Google Play Store has been in the news for containing numerous malicious applications which were available on the store for download. These fake apps tend to steal data, perform phishing attacks or inject adwares in the devices to generate income. There is a misconception amongst the smartphone users that if an app is available on an official play store then it is secure. However, this myth is far away from the reality.

"It is very critical for users to understand the risks that are involved with downloading any random application from play store. Your security is in your own hands." Here are a few tips that should keep you safe:

* Always check what all permission the app requires the users to allow before installation. Stay cautious with permissions that don't seem legitimate, for instance, if a calculator app wants to access your call logs or messages it is clear that the app wants unnecessary permission and can be malicious. Trust your gut!

* Don’t download apps from unknown sources, they can be infected with data-stealing malware hidden behind a genuine looking app. Stay away from pirated apps

* Do not enter your confidential details like your bank account details etc on any application other than the one that the data belongs to. Ie. your bank app.

* For added security, set your app store settings to “Do not allow third-party app downloads from untrusted sites.”

* Google recently launched “Google play protect”. Make sure that the application is verified by “Google Play Protect” else avoid downloading the app.

* Check reviews and ratings given by others users who have installed the application. If the ratings are unsatisfactory it is not preferable to download the app.

* Check the number of downloads, if the number of downloads is less than 50k, it may be risky to download the app.

* Check the app for spelling errors, grammatical errors or logos that appear to be poorly designed. These may point to malicious or simply ill-managed apps.

* If there is an invalid email address and no official website then it is likely that it is a fake app.

* If the application contains lots of advertising or pop-ups then it's better to uninstall the app as it may be designed for phishing purposes.

* Its always good to have a reputed antivirus/antimalware app in your smart-device as it will keep protected from most attacks.

Finally, THINK BEFORE YOU DOWNLOAD!