Malware Operator Employs New Trick to Upload its Dropper into Google Play


Researchers at Check Point recently discovered that the operator of a malware tool that breaks into mobile users’ financial accounts was employing a novel method to sneak its malware into Google Play, Google’s official Android app store.

The method involved using Google’s own Firebase platform for command-and-control (C2) communications and using GitHub as a third-party hosting platform for downloading the main malware. It allowed the attacker to evade the security checks that Google conducts on all applications before they can be uploaded to its app store or downloaded to a device.
