119/68 Thursday, March 27, 2025
Researchers from McAfee Labs have revealed that cybercriminals are abusing Microsoft’s .NET MAUI (Multi-platform App UI) framework to distribute Android malware capable of operating across platforms. Originally designed by Microsoft to replace Xamarin and expand beyond mobile platforms, .NET MAUI is now being misused to embed malicious code into seemingly legitimate Android applications, with Android users as the primary targets.
Unlike typical Android malware that relies on DEX files or native libraries, these threats store their core functionality in binary blobs within .NET assemblies. This approach allows them to evade detection by antivirus software that relies on traditional app structure analysis. Researchers also discovered fake social networking apps targeting Chinese-speaking users, designed to steal contacts, SMS messages, and photos, using multi-stage dynamic loading and manipulated AndroidManifest.xml files with excessive permissions to obstruct analysis tools.
The report also notes that these malware samples use encrypted TCP socket communication to avoid detection by network monitoring tools. Additionally, researchers observed fake dating apps with similar structures and behavior, suggesting they may originate from the same threat group. McAfee experts urge users to be cautious when downloading apps from untrusted sources, especially in regions where access to official app stores is restricted, such as China. They recommend reviewing security practices to protect against these evolving threats.
Source https://hackread.com/net-maui-exploited-in-advanced-malware-campaigns-mcafee-labs/
