firestarter

October 29, 2020

THREAT RESEARCH

DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread

1 min read

The newly discovered Firestarter malware uses Google Firebase Cloud Messaging to notify its authors of the final payload location. Even if the command and control (C2) is taken down, the DoNot team can still redirect the malware to another C2 using Google infrastructure. The approach in the final payload upload denotes a highly personalized targeting […]