diff --git a/clusters/android.json b/clusters/android.json
index 06dbd0a..25bd48b 100644
--- a/clusters/android.json
+++ b/clusters/android.json
@@ -41,6 +41,15 @@
         ]
       }
     },
+    {
+      "value": "Tizi",
+      "description": "Tizi is a fully featured backdoor that installs spyware to steal sensitive data from popular social media applications. The Google Play Protect security team discovered this family in September 2017 when device scans found an app with rooting capabilities that exploited old vulnerabilities. The team used this app to find more applications in the Tizi family, the oldest of which is from October 2015. The Tizi app developer also created a website and used social media to encourage more app installs from Google Play and third-party websites.",
+      "meta": {
+        "refs": [
+          "https://security.googleblog.com/2017/11/tizi-detecting-and-blocking-socially.html"
+        ]
+      }
+    },
     {
       "value": "DoubleLocker",
       "description": "DoubleLocker can change the device’s PIN, preventing victims from accessing their devices, and also encrypts the data requesting a ransom.  It will misuse accessibility services after being installed by impersonating the Adobe Flash player - similar to BankBot.",
@@ -3728,7 +3737,7 @@
       }
     }
   ],
-  "version": 2,
+  "version": 3,
   "uuid": "84310ba3-fa6a-44aa-b378-b9e3271c58fa",
   "description": "Android malware galaxy based on multiple open sources.",
   "authors": [