An Android spyware dubbed MobSTSPY has managed to ride trojanized apps to a widespread, global distribution, mainly via Google Play. The malware masquerades as a legitimate application purporting to be things like flashlights, games and work productivity tools. Researchers say the malware is mainly an information-stealing, though it has a unique phishing aspect as well. It uses Firebase Cloud Messaging to communicate with its command-and-control server, and that it exfiltrates data depending on which command it receives.
Source: https://threatpost.com/mobstspy-trojan-google-play/140534/