The cybersecurity researchers at Cisco Talos has discovered a new Android malware named DoNot Firestarter. In this malware, the threat actors apply Google’s own Firebase Cloud Messaging base to manage and convey malware to inexperienced users.
Hackers are using the Firebase Cloud Messaging (FCM), it is a cross-platform cloud solution for messages and notifications for Android, web applications, and iOS.
However, this kind of service are implemented by Firebase, it is a subsidiary of Google, and earlier, it has been grasped by the cybercriminals.
Also, this malware was hard to detect, that’s why they added that the DoNot Firestarter is explicitly being targeted towards government executives in Pakistan and NGOs that are operating in Kashmir.
This new DoNot malware is creating steps to research with all new procedures of delivery for their payloads. This malware uses all new legitimate services within Google’s infrastructure, which impersonates it harder for detection across a user’s network.
Rather than this, there are some new points regarding this malware, and here they are mentioned below:-
In this new DoNot malware, the users are tempted to install an ill-disposed app on their mobile device. this ill-disposed app that includes all kinds of additional ill-disposed code.
This ill-disposed code tries to download a payload based on all negotiated device data. After performing this step, it assures that only specific devices are addressed the malicious payload.
In loader flow, the first execution implements a trick to make the victim accept no malicious install. However, the sequence that has been mentioned below shows what a user notices throughout the first execution.
After the uninstallation of messages are done, the icon gets removed from the UI; But here, the only way to expose the application is by reviewing the application list.
After reviewing the list, the user will notice an icon for the application that appears to be disabled, as mentioned above in the image.
According to the Talos report, the DoNot Team has much interest in India and Pakistan. However, the few Android applications’ filenames show the corresponding interest, for example, kashmir_sample.apk or Kashmir_Voice_v4.8.apk.
This new attack gives details to the same victimology, as usual, India, Pakistan, and the Kashmir crisis. The victims mainly belong to the non-profit organization and have end-users, and are mostly linked to this world’s area.
The malware that has been developed by the DoNot Team exerts the authority of the negotiated devices; And not only that even it supports all the standard features of a spying framework that are mentioned below:-
There is no doubt that hackers continue to innovate their services. However, the DoNot team has actively circumvented all its conventional methods of different components throughout this new part of malware.
The threat actors are trying to evade and disguise using Google platforms, as they used different configuration options to enable specially crafted features for their web server infrastructure. Later they ensured that they had backward adaptability with earlier versions of their malware.
In a resounding triumph for justice, U.S. District Judge Kathryn Kimball Mizelle has sentenced Vitalii…
Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using…
The LLMs (Large Language Models) are evolving rapidly with continuous advancements in their research and…
In the dynamic realm of mobile application security, cybercriminals employ ever more sophisticated forms of…
A recent campaign has been observed to be delivering DJvu ransomware through a loader that…
In a pivotal update to the Okta security incident divulged in October 2023, Okta Security…