Google[1] on Monday said it had detected an app called Tizi on Google Play[2] that had been stealing information from call records and also from social media apps like Facebook[3], WhatsApp[4], and also take pictures from mobile phones without even displaying them on screen of the device.
"Tizi is a fully featured backdoor that installs spyware to steal sensitive data from popular social media applications. The Google Play Protect[5] security team discovered this family in September 2017 when device scans found an app with rooting capabilities that exploited old vulnerabilities," a post[6] on Google security blog said.
The company has removed the app from Play Store, notified all known affected devices and suspended the account of the app developer, the post revealed.
The post said that an earlier variant of Tizi did not have rooting capabilities but it was developed later on and thereafter started stealing sensitive information from devices.
"The rooting capabilities give an app full control of the device. It can bypass all restriction posed on it by Android security system. An app with rooting is like a user using the device. Presence of such app on Google Play Store raises concerns around secure apps on the app store," cybersecurity expert Jiten Jain said.
The post said that after gaining rooting capability, Tizi steals sensitive data "from popular social media apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram."
The backdoor capability of Tizi were common to commercial spyware, such as recording calls from WhatsApp, Viber, and Skype, sending and receiving SMS messages, and accessing calendar events, call log, contacts, photos, Wi-Fi encryption keys, and a list of all installed apps
...