Hackers Are Using Microsoft’s .NET MAUI to Spread Android Malware
McAfee Labs has revealed that cybercriminals are exploiting Microsoft’s newly introduced .NET MAUI app development tool to spread Android malware with cross-platform capabilities.
The McAfee Mobile Research Team discovered that this development framework, meant to replace Xamarin and expand beyond mobile platforms, is now being abused to disguise malicious code within seemingly legitimate applications, and the primary targets are Android users.
Unlike traditional Android malware, which relies on DEX files or native libraries, these threats store their core functionalities as blob binaries within assemblies. This method effectively bypasses many antivirus solutions that primarily focus on analysing conventional Android app components.
The second example, a fake social networking application, targeted Chinese-speaking users, attempting to steal contacts, SMS messages, and photos. This malware employed multi-stage dynamic loading, which entails encrypting and loading DEX files in three separate stages to obscure its malicious payload.
Additionally, the malware manipulated the AndroidManifest.xml file by adding an excessive number of meaningless permissions, disrupting analysis tools. It also utilized encrypted TCP socket communication to evade network traffic interception.
McAfee Labs also observed that the threat actors diversified their themes, distributing fake dating apps with similar structures and functionalities, indicating a widespread campaign.
“These apps had different background images but shared the same structure and functionality, indicating that they were likely created by the same developer as the fake X app,” researchers noted in their report.
The rise of .NET MAUI-based malware and the adoption of new evasion techniques, including hiding code blobs within assemblies, multi-stage dynamic loading, and encrypted communication, shows a concerning trend that the cybersecurity community needs to address immediately.
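For the first of these techniques, code held in assembly blobs rather than DEX files, the following is an added example (not from McAfee's report) that inventories where an APK's code lives, so a DEX-focused scan is not mistaken for full coverage. The entry names (`libmonodroid.so`, `libmonosgen-2.0.so`, `assemblies/assemblies.blob`) are .NET for Android packaging conventions assumed for this example, and the sample APK is constructed from dummy bytes.

```python
import io
import zipfile

# Entry names used by the .NET for Android / .NET MAUI runtime (packaging
# conventions assumed for this example, not taken from the article).
RUNTIME_LIBS = ("libmonodroid.so", "libmonosgen-2.0.so")
BLOB_SUFFIXES = (".blob", ".blob.so")


def triage_apk(apk_bytes):
    """Inventory where an APK's code lives: DEX files or .NET assembly blobs."""
    report = {"dex": [], "dotnet_runtime": [], "assembly_blobs": [], "loose_assemblies": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename
            base = name.rsplit("/", 1)[-1]
            if base.endswith(".dex"):
                report["dex"].append((name, info.file_size))
            elif base in RUNTIME_LIBS:
                report["dotnet_runtime"].append(name)
            elif "assemblies" in base and base.endswith(BLOB_SUFFIXES):
                report["assembly_blobs"].append((name, info.file_size))
            elif name.startswith("assemblies/") and base.endswith(".dll"):
                report["loose_assemblies"].append((name, info.file_size))
    dex_size = sum(size for _, size in report["dex"])
    managed_size = sum(size for _, size in report["assembly_blobs"] + report["loose_assemblies"])
    report["is_dotnet"] = bool(report["dotnet_runtime"] or managed_size)
    # More managed code than DEX: a DEX-only scan would miss most of the app logic.
    report["needs_assembly_analysis"] = report["is_dotnet"] and managed_size > dex_size
    return report


def build_sample_apk():
    """Constructed sample: a zip laid out like a MAUI APK, filled with dummy bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x00" * 64)
        z.writestr("classes.dex", b"\x00" * 1000)  # small Java bootstrap
        z.writestr("lib/arm64-v8a/libmonodroid.so", b"\x00" * 200)
        z.writestr("assemblies/assemblies.blob", b"\x00" * 50000)  # C# app logic
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in triage_apk(build_sample_apk()).items():
        print(key, value)
```

An APK flagged with `needs_assembly_analysis` should have its assembly store unpacked and the managed assemblies reviewed, since the DEX files alone do not represent the app's behaviour.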
To stay safe, please exercise caution when downloading applications from unofficial sources, particularly in regions with limited access to official app stores, such as China. “Staying vigilant and ensuring that security measures are in place can help protect against emerging threats,” McAfee researchers concluded.