By Warren Mercer, Paul Rascagneres and Vitor Ventura.

The newly discovered Firestarter malware uses Google Firebase Cloud Messaging to notify its authors of the final payload location. Even if the command and control (C2) is taken down, the DoNot team can still redirect the malware to another C2 using Google infrastructure. The approach in the final payload upload denotes a highly personalized targeting policy.

What's new? The DoNot APT group is making strides to experiment with new methods of delivery for their payloads. They are using a legitimate service within Google's infrastructure, which makes detection across a user's network harder.

How did it work? Users are lured to install a malicious app on their mobile device. This malicious app then contains additional malicious code which attempts to download a payload based on information obtained from the compromised device.