CyberSecurity news
Deeba Ahmed@hackread.com
A new wave of Android malware campaigns is exploiting Microsoft’s .NET MAUI framework to target users, particularly in India and China. Cybersecurity researchers at McAfee Labs have identified these malicious applications, which disguise themselves as legitimate services such as banking and social media apps in order to steal sensitive user information. These fake apps, collectively codenamed FakeApp, are not distributed through official channels like Google Play, but through bogus links sent via messaging apps and through unofficial app stores. .NET MAUI, designed as a cross-platform development framework, allows these threats to conceal malicious code, making them difficult for traditional antivirus solutions to detect.
Researchers have found that the malware's core functionalities are written entirely in C# and stored as binary large objects, evading detection methods that typically analyze DEX files or native libraries. For instance, a fraudulent banking app impersonates IndusInd Bank, targeting Indian users by prompting them to enter personal and financial details, which are then sent to the attacker's command-and-control server. Another instance involves a fake social networking service app aimed at Chinese-speaking users, employing multi-stage dynamic loading to decrypt and execute its payload in separate stages, further complicating analysis and disrupting security tools.
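For defenders, the practical consequence of the paragraph above is that an APK scanner has to check where the code actually lives, not only the DEX files. The following triage sketch is an added example, not code from McAfee or the article; the archive paths (`assemblies/`, `lib/`), the `.blob` naming and the `XABA`/`XALZ` magic values are assumptions about how .NET for Android packages managed code, and the sample APK is constructed.

```python
import io
import zipfile

# Assumed .NET for Android / MAUI packaging (general knowledge, not from the article):
# managed code ships as loose DLLs under assemblies/ or packed into an assembly
# store named *.blob (newer builds wrap it as lib/<abi>/*.blob.so).
MAGIC_KINDS = {b"XABA": "assembly-store", b"XALZ": "lz4-assembly", b"\x7fELF": "elf-wrapped-store"}

def triage_apk(data: bytes) -> dict:
    """Report where an APK's code lives so managed payloads are not skipped."""
    report = {"dex_bytes": 0, "managed_bytes": 0, "managed_entries": []}
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        for info in apk.infolist():
            name = info.filename
            if name.endswith(".dex"):
                report["dex_bytes"] += info.file_size
                continue
            if not (name.startswith(("assemblies/", "lib/"))
                    and name.endswith((".dll", ".blob", ".blob.so"))):
                continue
            with apk.open(info) as fh:
                head = fh.read(4)
            kind = "pe-assembly" if head[:2] == b"MZ" else MAGIC_KINDS.get(head, "unrecognized")
            report["managed_bytes"] += info.file_size
            report["managed_entries"].append((name, kind))
    # Any managed entry means DEX-only scanning has not seen all of the code.
    report["needs_dotnet_analysis"] = bool(report["managed_entries"])
    return report

def build_sample_apk(with_store: bool = True) -> bytes:
    """Constructed sample APK: a small DEX stub and, optionally, a fake assembly store."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
        apk.writestr("res/layout/main.xml", b"<x/>")
        if with_store:
            apk.writestr("assemblies/assemblies.blob", b"XABA" + b"\x00" * 4096)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_apk(build_sample_apk()))
```

A package flagged this way should be routed to tooling that can unpack and inspect .NET assemblies; the flag alone says nothing about whether the app is malicious, since legitimate MAUI apps have the same layout.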
Classification:
- HashTags: #AndroidMalware #NETMAUI #InfoStealer
- Company: Trend Micro
- Target: Android Users
- Product: .NET MAUI
- Feature: Cross-platform UI
- Malware: MAUI Malware
- Type: Malware
- Severity: Major