... [Tizi] usually first contacts its command-and-control servers by sending an SMS with the device's GPS coordinates to a specific number. Subsequent command-and-control communications are normally performed over regular HTTPS, though in some specific versions, Tizi uses the MQTT messaging protocol with a custom server. The backdoor contains various capabilities common to commercial spyware, such as recording calls from WhatsApp, Viber, and Skype; sending and receiving SMS messages; and accessing calendar events, call log, contacts, photos, Wi-Fi encryption keys, and a list of all installed apps. Tizi apps can also record ambient audio and take pictures without displaying the image on the device's screen.

Even if it can't obtain root, Tizi can still read and send SMS messages like other Android-based threats, manipulate outgoing phone calls, and leverage other high-level permissions granted to it by the user. To protect against this backdoor family, users should update their Android devices, ensure Google Play Protect is enabled, and exercise caution around apps that request unreasonable permissions.
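As an added example (not code from the original article or from Google), the Python sketch below triages an APK's requested permissions against the no-root capabilities listed above. It assumes input in the text format printed by `aapt dump permissions`; the sample manifests, package names, and the `threshold` value are constructed for illustration.

```python
import re

# Capabilities named in the text above, mapped to the Android permissions
# (android.permission.*) that gate them when the app has no root access.
CAPABILITY_PERMS = {
    "sms": {"SEND_SMS", "READ_SMS", "RECEIVE_SMS"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "outgoing_calls": {"PROCESS_OUTGOING_CALLS"},
    "call_log": {"READ_CALL_LOG"},
    "contacts": {"READ_CONTACTS"},
    "calendar": {"READ_CALENDAR"},
    "ambient_audio": {"RECORD_AUDIO"},
    "camera": {"CAMERA"},
}
# Accepts both "name='android.permission.X'" and the older bare form.
PERM_RE = re.compile(
    r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?android\.permission\.([A-Z0-9_]+)")

def capabilities(aapt_output):
    """Return the capability groups whose permissions the APK requests."""
    perms = {m.group(1) for line in aapt_output.splitlines()
             if (m := PERM_RE.match(line.strip()))}
    return {cap for cap, gate in CAPABILITY_PERMS.items() if perms & gate}

def triage(aapt_output, threshold=4):
    """Flag for manual review; threshold is an assumed, tunable cut-off."""
    caps = capabilities(aapt_output)
    # SMS plus location is what an SMS-with-GPS first contact requires.
    sms_gps = {"sms", "location"} <= caps
    return {"capabilities": sorted(caps), "sms_plus_location": sms_gps,
            "review": sms_gps and len(caps) >= threshold}

# Constructed sample inputs (not real apps).
SAMPLE_OVERBROAD = """package: com.example.fitnesstips
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.PROCESS_OUTGOING_CALLS'
"""
SAMPLE_MODEST = """package: com.example.torch
uses-permission: name='android.permission.CAMERA'
uses-permission: android.permission.INTERNET
"""

if __name__ == "__main__":
    for label, text in (("overbroad", SAMPLE_OVERBROAD), ("modest", SAMPLE_MODEST)):
        print(label, triage(text))
```

A review flag is a prompt to inspect the app, not a verdict: messaging and dialer apps legitimately request several of these permission groups.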