- McAfee found hackers using .NET MAUI to hide malware in Android applications
- Applications are distributed through unofficial application stores and phishing messages
- The goal of the malware is to steal data
Cybercriminals are abusing a legitimate Windows tool to create malicious Android applications and steal victims' sensitive information, experts said.
McAfee security researchers have presented two examples captured in the wild, saying that an unknown threat actor abused .NET MAUI, a multiplatform development framework, to create Android malware capable of avoiding detection.
“These threats are disguised in legitimate applications, targeting users to steal sensitive information,” said the report.
Phishing and fake application stores
There were several ways in which .NET MAUI was used to bypass security protections, McAfee said.
First, the attackers hid the dangerous code within a hidden storage area (blob files), where most antivirus programs generally do not look.
Then, they used multi-stage dynamic loading (the applications loaded small pieces of code one at a time, decrypting them as they went) to make it more difficult for security software to determine what was going on.
In addition, they added unnecessary settings and permissions to the application files to confuse security scanners, and instead of using normal internet requests that security tools can monitor, these fake applications use encrypted messages and direct connections to send stolen data to the attackers.
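As an added example (not code from McAfee or this article), the following Python triage check flags APKs that carry .NET assembly stores or loose DLLs, so they can be routed to .NET-aware analysis instead of relying on a DEX-only scan. The `assemblies/assemblies.blob` path and the `XABA` magic bytes are assumptions about typical .NET for Android builds, and the sample APKs are constructed data, not details from the report.

```python
import io
import zipfile

# Assumption (not stated in the article): .NET MAUI / Xamarin Android builds
# keep managed assemblies in a store named like "assemblies/assemblies.blob"
# that starts with the bytes b"XABA", or as loose .dll files.
STORE_MAGIC = b"XABA"


def triage_apk(apk_bytes):
    """Report where an APK keeps managed .NET code that a DEX-only scan skips."""
    report = {"dex": [], "stores": [], "dlls": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename.lower()
            if name.endswith(".dex"):
                report["dex"].append(info.filename)
            elif name.endswith((".blob", ".blob.so")):
                # Newer builds may wrap the store in another container, so a
                # name match is recorded even when the magic bytes differ.
                with apk.open(info) as entry:
                    magic_ok = entry.read(4) == STORE_MAGIC
                report["stores"].append((info.filename, info.file_size, magic_ok))
            elif name.endswith(".dll"):
                report["dlls"].append(info.filename)
    # Route to a .NET-aware unpacker/decompiler instead of trusting DEX results.
    report["needs_dotnet_analysis"] = bool(report["stores"] or report["dlls"])
    return report


def build_sample_apk(with_store):
    """Constructed sample: a tiny ZIP laid out like an APK, harmless contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", b"<manifest/>")
        apk.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 16)
        if with_store:
            apk.writestr("assemblies/assemblies.blob", STORE_MAGIC + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("maui-like", build_sample_apk(True)),
                          ("plain", build_sample_apk(False))):
        print(label, triage_apk(sample))
```

A positive result only means the managed code needs its own inspection; legitimate .NET MAUI applications produce the same layout.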
The malicious applications were not present on any of the reputable application stores, such as the Google Play Store. Instead, they were found in “unofficial” application stores, to which victims are redirected via phishing links and similar scams.
Among the malicious applications, McAfee discovered a fake banking application and a fake SNS application targeting the Chinese-speaking community.
The two applications were responsible for silently stealing data and exfiltrating it to the C2 server belonging to the attacker.
As usual, the best way to defend yourself against such threats is to download applications only from official sources, and even then, be careful, by reading reviews and other reports.




