Cybercriminals are exploiting .NET MAUI, a cross-platform development framework, to create Android malware that evades detection. These threats disguise themselves as legitimate apps, targeting users to steal sensitive information. The malware campaigns use techniques such as hiding code in blob files, multi-stage dynamic loading, and encrypted communications to avoid security measures. Two examples are discussed: a fake bank app targeting Indian users and a fake social media app targeting Chinese-speaking users. The latter employs advanced evasion techniques like excessive permissions in the AndroidManifest.xml file and encrypted socket communication. Users are advised to be cautious when downloading apps from unofficial sources and to use up-to-date security software for protection.
Author: AlienVault
Related Tags:
.NET MAUI
British Indian Ocean Territory
T1027.002
T1132.001
T1056.001
T1204.002
China
T1574.002
T1071.001
Associated Indicators:


