Hackers Are Using Microsoft’s .net Maui To Spread Android Malware

McAfee Labs has revealed that cybercriminals are exploiting Microsoft’s recently introduced .NET MAUI app improvement instrumentality to dispersed Android malware pinch cross-platform capabilities.

The McAfee Mobile Research Team discovered that this improvement framework, meant to replace Xamarin and grow beyond mobile platforms, is now being abused to disguise malicious codification wrong seemingly morganatic applications, and superior targets are Android users.

Unlike traditional Android malware, which relies connected DEX files aliases autochthonal libraries, these threats shop their halfway functionalities arsenic blob binaries wrong assemblies. This method efficaciously bypasses galore antivirus solutions that chiefly attraction connected analysing accepted Android app components.

The 2nd example, a clone societal networking application, targeted Chinese-speaking users, attempting to bargain contacts, SMS messages, and photos. This malware employed multi-stage move loading, which entails encrypting and loading DEX files successful 3 abstracted stages to obscure its malicious payload.

Fake app’s surface and nan clone X app (Source: McAfee Labs)

Additionally, nan malware manipulated nan AndroidManifest.xml record by adding an excessive number of meaningless permissions, disrupting study tools. It besides utilized encrypted TCP socket connection to evade web postulation interception.

McAfee Labs besides observed that nan threat actors diversified their themes, distributing clone making love apps pinch akin structures and functionalities, indicating a wide campaign.

“These apps had different inheritance images but shared nan aforesaid building and functionality, indicating that they were apt created by nan aforesaid developer arsenic nan clone X app,” researchers noted successful their report.

The emergence of .NET MAUI-based malware and nan take of caller evasion techniques, including hiding codification blobs wrong assemblies, multi-stage move loading, and encrypted communication, shows a concerning inclination that needs contiguous addressing by nan cybersecurity community.

To enactment safe, please workout be aware erstwhile downloading applications from unofficial sources, peculiarly successful regions pinch constricted entree to charismatic app stores, specified arsenic China. “Staying vigilant and ensuring that information measures are successful spot tin thief protect against emerging threats,” McAfee researchers concluded.

Featured/Top Image by iXimus from Pixabay