Android Malware Steals Data from Social Media Applications

A newly discovered Android backdoor that has managed to infect more than one thousand Android devices was designed to steal sensitive data from popular social media applications, Google reveals.

Named Tizi, the malware comes with rooting capabilities and has already been used in a series of targeted attacks against victims in African countries such as Kenya, Nigeria, and Tanzania.

Discovered by the Google Play Protect team in September 2017, the backdoor appears to have been in use since October 2015.

A fully featured backdoor, Tizi installs spyware that allows it to steal sensitive data from the targeted applications, Google says. The malware family attempts to exploit old vulnerabilities to gain root access on the infected Android devices, and its developer also uses a website and social media to lure users into installing more apps from Google Play and third-party websites.

To date, Google has identified over 1,300 devices affected by the malware. According to the company, newer Tizi variants include rooting capabilities that attempt to exploit a series of local vulnerabilities, including CVE-2012-4220, CVE-2013-2596, CVE-2013-2597, CVE-2013-2595, CVE-2013-2094, CVE-2013-6282, CVE-2014-3153, CVE-2015-3636, and CVE-2015-1805.

Since most of these vulnerabilities affect older chipsets, devices, and Android versions, users running a security patch level of April 2016 or later are far less exposed to Tizi's capabilities. If none of the exploits works, the Tizi app will fall back to performing its actions through the extensive permissions it requests from the user.

Once it has gained root on the compromised device, the threat can proceed to steal sensitive data from popular social media apps such as Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram.

After infection, the malware usually contacts its command and control (C&C) server by sending an SMS containing the device's GPS coordinates to a specific number. Subsequent communication with the C&C is performed over HTTPS, but some versions of the malware also use the MQTT messaging protocol to connect to a custom server.

“The backdoor contains various capabilities common to commercial spyware, such as recording calls from WhatsApp, Viber, and Skype; sending and receiving SMS messages; and accessing calendar events, call log, contacts, photos, Wi-Fi encryption keys, and a list of all installed apps,” Google says.

On top of that, the malware can also record ambient audio and take pictures without displaying the image on the device's screen.

To stay safe, users are advised to pay close attention to the permissions they grant to newly installed applications; to enable a secure lock screen, such as a PIN, pattern, or password; to keep their devices up to date at all times, given that the threat exploits old, known vulnerabilities; and to ensure Google Play Protect is enabled.
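The permission advice above can be turned into a simple triage step. As an added illustration (not code from Google's report or from this article), the following script reads an APK's decoded AndroidManifest.xml and reports which of the spyware capabilities listed above the app's declared permissions would enable; the capability labels, the mapping and the sample manifest are constructed, while the permission names are real Android constants.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed mapping from the capabilities the article attributes to Tizi to the
# Android permissions an app must declare to use them via normal APIs.
# Root-only actions (reading Wi-Fi keys, silent capture) leave no manifest trace,
# so this check is a screening aid, not proof of spyware.
CAPABILITY_PERMISSIONS = {
    "record calls or ambient audio": {"android.permission.RECORD_AUDIO"},
    "send and receive SMS": {"android.permission.SEND_SMS",
                             "android.permission.RECEIVE_SMS",
                             "android.permission.READ_SMS"},
    "read calendar events": {"android.permission.READ_CALENDAR"},
    "read call log": {"android.permission.READ_CALL_LOG"},
    "read contacts": {"android.permission.READ_CONTACTS"},
    "access photos or camera": {"android.permission.CAMERA",
                                "android.permission.READ_EXTERNAL_STORAGE"},
    "report GPS coordinates": {"android.permission.ACCESS_FINE_LOCATION"},
}

# Constructed sample: a "flashlight" app that asks for far more than it needs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""


def requested_permissions(manifest_xml: str) -> set:
    """Return the set of <uses-permission android:name=...> values in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    name_attr = "{%s}name" % ANDROID_NS
    return {el.get(name_attr) for el in root.iter("uses-permission") if el.get(name_attr)}


def spyware_capabilities(manifest_xml: str) -> list:
    """List the capabilities from the mapping that the declared permissions would enable."""
    perms = requested_permissions(manifest_xml)
    return sorted(cap for cap, needed in CAPABILITY_PERMISSIONS.items() if perms & needed)


def is_suspicious(manifest_xml: str, threshold: int = 3) -> bool:
    """Flag an app whose permissions cover at least `threshold` spyware capabilities."""
    return len(spyware_capabilities(manifest_xml)) >= threshold


if __name__ == "__main__":
    for cap in spyware_capabilities(SAMPLE_MANIFEST):
        print("enables:", cap)
    print("suspicious:", is_suspicious(SAMPLE_MANIFEST))
```

On a real APK, decode the manifest first (for example with apktool) and feed the resulting XML to `spyware_capabilities`.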