Malware is used by an APT threat group called DoNot DoNot uses Firebase Cloud Messaging (FCM), which is a cross-platform cloud solution for messages and notifications for Android, iOS and web applications. The loader uses it as a communication mechanism to connect with DoNot s command-and-control (C2) servers. DoNot is known for targeting Pakistani government officials and Kashmiri non-profit organizations in Kashmir. The malware, dubbed Firestarter, is a loader with a fake user interface that manipulates the user.
Source: https://threatpost.com/firestarter-android-malware-google-firebase-cloud/160800/