Devious new Android malware uses a Microsoft tool to avoid being spotted

McAfee found hackers using .NET MAUI to hide malicious code in Android apps
The apps are being distributed via unofficial app stores and phishing messages
The goal of the malware is to steal data

Cybercriminals are abusing a legitimate Windows tool to create malicious Android applications and steal their sensitive information, experts have claimed.

Security researchers from McAfee showcased two examples caught in the wild, claiming an unknown threat actor was abusing .NET MAUI, a cross-platform development framework to create Android malware capable of evading detection.

“These threats disguise themselves as legitimate apps, targeting users to steal sensitive information,” the report states.

Phishing and fake app stores

There were multiple ways .NET MAUI was used to bypass security protections, McAfee further explained.

For one, the attackers were hiding the dangerous code inside a hidden storage area (blob files) where most antivirus programs don’t usually look.

Then, they used multi-stage dynamic loading (apps were loading small pieces of code one at a time, decrypting them as they go), to make it harder for security software to figure out what was going on.

Furthermore, they added unnecessary settings and permissions in the app’s files to confuse security scanners, and instead of using normal internet requests that security tools can monitor, these fake apps use encrypted messages and direct connections to send stolen data to the hackers.

The malicious apps were not present on any of the reputable app repositories, such as the Google Play Store. Instead, they were found on “unofficial” app stores, to which victims get redirected via phishing links and similar scams.

Among the malicious apps McAfee discovered a fake bank app and a fake SNS app targeting the Chinese-speaking community.

Both apps were tasked with silently stealing data and exfiltrating it to the attacker-owned C2 server.

As usual, the best way to defend against such threats is to only download apps from official repositories, and even then – being careful, reading reviews and other reports.

https://cdn.mos.cms.futurecdn.net/De6HMXQy8UW49U2VR97BUN-1200-80.png

Source link

NordVPN had a busy start to 2026 — here’s a recap of all the releases you may have missed

Quordle hints and answers for Saturday, April 4 (game #1531)

NYT Connections hints and answers for Saturday, April 4 (game #1028)

NYT Strands hints and answers for Saturday, April 4 (game #762)

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Blake Lively to Fight ‘Digital Violence’ After Most Claims Dismissed

Trendy Looks & Best Styles to Shop

Superman Celebrities Attending Conventions Next Weekend (April 10-12, 2026)

Cyberpunk 2077 Getting Official Late April Release

Ukrainian drone and missile attack kills at least one in southern Russia, governor says

Soccer-One killed, dozens hurt as Peru stadium event goes awry

Downed planes spell new peril for Trump as Tehran hunts missing US pilot

What’s behind Nomura’s call for later Fed rate cuts?

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Devious new Android malware uses a Microsoft tool to avoid being spotted

Ukrainian drone and missile attack kills at least one in southern Russia, governor says

Blake Lively to Fight ‘Digital Violence’ After Most Claims Dismissed

Trendy Looks & Best Styles to Shop

Superman Celebrities Attending Conventions Next Weekend (April 10-12, 2026)