By Warren Mercer, Paul Rascagneres and Vitor Ventura.
The newly discovered Firestarter malware uses Google Firebase Cloud Messaging to notify its authors of the final payload location. Even if the command and control (C2) is taken down, the DoNot team can still redirect the malware to another C2 using Google infrastructure. The approach in the final payload upload denotes a highly personalized targeting policy.
What’s new? The DoNot APT group is making strides to experiment with new methods of…
Article Link: http://feedproxy.google.com/~r/feedburner/Talos/~3/hZRwWD1iick/donot-firestarter.html