1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Devious new Android malware uses a Microsoft tool to avoid being

    From TechnologyDaily@1337:1/100 to All on Wed Mar 26 14:30:08 2025
    Devious new Android malware uses a Microsoft tool to avoid being spotted

    Date:
    Wed, 26 Mar 2025 14:26:00 +0000

    Description:
    McAfee found at least two apps being used to steal sensitive data.

    FULL STORY ======================================================================McAfee found hackers using .NET MAUI to hide malicious code in Android apps The apps are being distributed via unofficial app stores and phishing messages The
    goal of the malware is to steal data

    Cybercriminals are abusing a legitimate Windows tool to create malicious Android applications and steal their sensitive information, experts have claimed.

    Security researchers from McAfee showcased two examples caught in the wild, claiming an unknown threat actor was abusing .NET MAUI, a cross-platform development framework to create Android malware capable of evading detection.

    These threats disguise themselves as legitimate apps, targeting users to
    steal sensitive information, the report states.

    Monitor your credit score with TransUnion starting at $29.95/month

    TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnions advanced risk assessment tools.

    Preferred partner ( What does this mean? ) View Deal Phishing and fake app stores

    There were multiple ways .NET MAUI was used to bypass security protections, McAfee further explained.

    For one, the attackers were hiding the dangerous code inside a hidden storage area (blob files) where most antivirus programs dont usually look.

    Then, they used multi-stage dynamic loading (apps were loading small pieces
    of code one at a time, decrypting them as they go), to make it harder for security software to figure out what was going on.

    Furthermore, they added unnecessary settings and permissions in the apps
    files to confuse security scanners, and instead of using normal internet requests that security tools can monitor, these fake apps use encrypted messages and direct connections to send stolen data to the hackers.

    The malicious apps were not present on any of the reputable app repositories, such as the Google Play Store. Instead, they were found on unofficial app stores, to which victims get redirected via phishing links and similar scams.

    Among the malicious apps McAfee discovered a fake bank app and a fake SNS app targeting the Chinese-speaking community.

    Both apps were tasked with silently stealing data and exfiltrating it to the attacker-owned C2 server.

    As usual, the best way to defend against such threats is to only download
    apps from official repositories, and even then - being careful, reading reviews and other reports. You might also like These malicious Android apps were installed over 60 million times - here's how to stay safe We've rounded up the best password managers Take a look at our guide to the best authenticator app



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/devious-new-android-malware-uses-a-micr osoft-tool-to-avoid-being-spotted


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)