• Home
  • Mobiles
  • Mobiles News
  • DoNot Firestarter Android Malware is Using Google Firebase Cloud Messaging to Infect Devices: Cisco Report

DoNot Firestarter Android Malware is Using Google Firebase Cloud Messaging to Infect Devices: Cisco Report

Using Google’s own infrastructure, the malware can be highly targeted, and hides among legitimate network usage, making it hard to find.

DoNot Firestarter Android Malware is Using Google Firebase Cloud Messaging to Infect Devices: Cisco Report

The loader is usually disguised as an application that a user is lured into installing

Highlights
  • DoNot Firestarter malware has been detected recently
  • It is known to target users in India, Pakistan, and China
  • DoNot's activities were analysed by Cisco Talos researchers

DoNot Firestarter is a newly detected malware on Android that is reportedly using Google's own infrastructure to deliver malware. According to Cisco's Talos cybersecurity researchers, Firestarter uses Google's Firebase Cloud Messaging infrastructure to control the malware. Using Google's infrastructure allows the malware to hide amidst legitimate Internet traffic, and also allows the malware to be targeted in a personalised manner, making it even harder for security researchers to detect.

Analysis of DoNot's activities by cyber threat researchers at Cisco Talos says that the group tries to specifically target government officials in Pakistan, and NGOs working in Kashmir.

The loader is usually disguised as an application that a user is lured into installing. The app then contains additional code that is used to download the payload, based on the information gained from the device. This could be used — for example — to create an app that is innocuous in the rest of the world but acts as malware in a specific geography.

The malware then transmits personal and geographical information about the device to DoNot's C2, or its command centre, which helps the group identify the user and decide whether or not to infect the device. The researchers said that by using Google FCM, the malware can receive a malicious package from the DoNot C2 in the form of a link, which would give the group access to the device. And even if a particular C2 was to be taken down, access through the Google FCM would allow the group to infect the device using a different C2, making this loader particularly dangerous and difficult to weed out.
The only way to neutralise the threat, researchers say, would be for Google to take down the infected FCM account, along with the C2. The analysis also says that being specific in targeting users, the DoNot Firestarter malware is hard to be detected and categorised by security researchers.


Is Android One holding back Nokia smartphones in India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Veer Arjun Singh is Deputy Editor, News at Gadgets 360. He has written many in-depth features on technology, healthcare, hospitality, and education in the last seven years, besides reviewing latest gadgets across categories. He has also profiled CXOs, entrepreneurs, social workers, lawyers, chefs, and musicians. You can find him as @arjunwadia on Twitter or email him at arjuns@ndtv.com with tips, suggestions, and general observations. More
Oppo K7x Geekbench Listing, Official Teaser Reveal Key Specifications Ahead of November 4 Launch
Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com