Although the search giant has removed Tizi-infected apps from Play Store, the spyware has already affected around 1,300 devices.
Google said that it had notified users of all the known infected devices and suspended the developer's account.
The Android spyware can steal sensitive data from social media apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram. Tizi can also record calls from WhatsApp, Viber, and Skype. It can also access photos, contacts, call logs, calendar events, Wi-Fi encryption keys, and a list of all installed apps.
Moreover, the spyware is also capable of recording audio and taking photos without displaying it on the screen, ensuring that the user is unaware of the photo captured. Google said that the spyware was also capable of rooting devices with older vulnerabilities.
"Most of these vulnerabilities target older chipsets, devices, and Android versions. All of the listed vulnerabilities are fixed on devices with a security patch level of April 2016 or later, and most of them were patched considerably prior to this date. Devices with this patch level or later are far less exposed to Tizi's capabilities," Google said in a blog.
According to Google, the oldest Tizi app is from October 2015. The individual who allegedly developed Tizi created a website and social media accounts to trick users into installing it from Google Play and third-party websites.
The spyware was "used in a targeted attack against devices in African countries, specifically: Kenya, Nigeria, and Tanzania," Google said. ZDNet reported that one of the Tizi-infected apps was targeting people interested in installing an app about a Kenyan political coalition called the National Super Alliance (NASA).
ZDNet reported that the Twitter account promoting Tizi was actively spreading links even after Google removed the Tizi-infected apps from the Play Store. However, at the time of writing, the Twitter account (@MyTiziApp) appears to have been deleted and is no longer available.