An APT group is starting fires with a new Android malware loader, which uses a legitimate Google messaging service to bypass detection. The malware, dubbed “Firestarter,” is used by an APT threat group called “DoNot.” DoNot uses Firebase Cloud Messaging (FCM), which is a cross-platform cloud solution for messages and notifications for Android, iOS and web applications. In this case, the loader uses FCM as a communication mechanism to connect with DoNot’s command-and-control (C2) servers, helping the group’s activities avoid detection. The service is provided by Firebase, a subsidiary of Google, and has been previously leveraged by cybercriminals. “Our research revealed that DoNot has been experimenting with new techniques to keep a foothold on their victim machines,” according to researchers with Cisco Talos in a Thursday analysis.