- McAfee found hackers using .NET MAUI to hide malicious code in Android apps
- Apps are distributed via unofficial app stores and phishing messages
- The goal of the malware is to steal data
Cybercriminals are abusing a legitimate Windows tool to create malicious Android applications and steal users' sensitive information, experts have claimed.
McAfee security researchers highlighted two examples caught in the wild and said that an unknown threat actor abused .NET MAUI, a cross-platform development framework, to create Android malware capable of avoiding detection.
“These threats hide as legitimate apps and target users to steal sensitive information,” the report states.
Phishing and fake app stores
McAfee further explained that .NET MAUI was used in several ways to bypass security protections.
First, the attackers hid the malicious code inside a hidden storage area (blob files) where most antivirus programs usually do not look.
Then they used multi-stage dynamic loading (the apps loaded small pieces of code one at a time and decrypted them as they went) to make it harder for security software to work out what was going on.
In addition, they added unnecessary settings and permissions to the app's files to confuse security scanners, and instead of using normal internet requests that security tools can monitor, these fake apps used encrypted messages and direct connections to send stolen data to the hackers.
The malicious apps were not present on any of the reputable app stores, such as the Google Play Store. Instead, they were found in “unofficial” app stores to which victims are redirected via phishing links and similar scams.
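A defender can check whether an APK keeps code in blob files that a DEX-only scan would skip. The following triage sketch is an added example, not code from McAfee or the article; the `XABA`/`XALZ` magic values and `.blob` file suffixes are assumptions about .NET for Android packaging, and the sample archive is constructed.

```python
import io
import zipfile

# Assumptions (not from the article): .NET for Android packaging conventions.
STORE_MAGIC = b"XABA"            # header of an assembly-store blob
LZ4_MAGIC = b"XALZ"              # header of an LZ4-compressed assembly
BLOB_SUFFIXES = (".blob", ".blob.so")


def triage_apk(apk_bytes):
    """Report where executable code lives so blob-packed .NET code is not skipped."""
    report = {"dex": [], "blobs": [], "assemblies": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            with apk.open(info) as fh:
                head = fh.read(4)
            name = info.filename
            if name.endswith(".dex"):
                report["dex"].append(name)
            elif head == STORE_MAGIC or name.endswith(BLOB_SUFFIXES):
                report["blobs"].append(name)
            elif head == LZ4_MAGIC or (name.endswith(".dll") and head[:2] == b"MZ"):
                report["assemblies"].append(name)
    # Managed code outside classes.dex means a DEX-only scan saw little of the app.
    report["needs_dotnet_unpack"] = bool(report["blobs"] or report["assemblies"])
    return report


def build_sample(with_blob):
    """Constructed stand-in for an APK (an APK is a ZIP archive); contents are dummy bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 16)
        if with_blob:
            z.writestr("assemblies/assemblies.blob", STORE_MAGIC + b"\x00" * 60)
            z.writestr("assemblies/System.Example.dll", LZ4_MAGIC + b"\x00" * 12)
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("maui-style", True), ("dex-only", False)):
        print(label, triage_apk(build_sample(flag)))
```

A `needs_dotnet_unpack` result only says that the app's logic must be extracted from the blobs before analysis; legitimate .NET MAUI apps are packaged the same way.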
Among the malicious apps, McAfee discovered a fake bank app and a fake SNS app aimed at the Chinese-speaking community.
Both apps were tasked with silently stealing data and exfiltrating it to the attacker-owned C2 server.
As usual, the best way to defend against such threats is to download apps only from official app stores and, even then, to be careful and read reviews and other reports.