Google is warning users of a socially engineered spyware named Tizi that that looks to steal sensitive data from popular social media sites including WhatsApp, Skype, and Viber.
The spyware is a backdoor family with some rooting capabilities and was used in targeted attacks against devices in African countries including Kenya, Nigeria, and Tanzania although installations have also been spotted in the U.S. though in lower numbers, according to a Nov. 27 Google security blog post.
The malware authors even went as far as creating a website and social media post that promote the malware advertising it as a workout app. Researchers discovered the malware in September 2017 after spotting an app with rooting capabilities that exploited old vulnerabilities.
This app was then traced to other malicious apps in the Tizi family with the oldest dating back to October 2015. Once identified, Google Play Protect was used to disable Tizi-infected apps on affected devices and users were notified.
In order to avoid similar malicious apps, researchers recommend users check permission requested from application, enable a secure lock screen and ensure devices and applications are kept up to date and that Google Play Protect is enabled to disable malicious apps as soon as they are identified.