
A new Android malware campaign is abusing Microsoft’s .NET MAUI framework to evade detection. Disguised as legitimate services such as banking and social media applications and aimed at Indian and Chinese-speaking users, the malware is built to steal sensitive data.
Researchers on McAfee’s Mobile Research Team say that while the current threat targets China and India, other cybercriminal groups could readily adopt the technique to reach a wider audience.
In 2022, Microsoft introduced .NET MAUI, a framework that lets developers build desktop and mobile applications in C#, as the successor to the now-defunct Xamarin. The goal of .NET MAUI was to simplify the development of applications that run across multiple platforms.
Traditionally, Android apps are written in Java or Kotlin, and their code is stored in the DEX (Dalvik Executable) format; Android security tools are designed to inspect these DEX files for anomalies. With .NET MAUI, however, developers can build Android apps in C#, and the app’s code is packed into binary “blob” files instead.
How the Malware Exploits the Blob Format
These Binary Large Object, or “blob”, files are essentially chunks of raw data with no standardized file format. Many existing Android security tools are built to scrutinize DEX files and do not examine the contents of these blobs. The result is a significant blind spot that lets malware hide inside them.
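A defender-side triage example for the blind spot described above, added here and not taken from McAfee or the article: it reports whether an APK ships .NET managed code outside DEX, so the sample can be routed to blob-aware analysis instead of receiving a DEX-only verdict. The entry names (`assemblies/assemblies.blob`, `libassemblies.<abi>.blob.so`, `libmonodroid.so`), the `XABA` magic and all function names are assumptions based on public .NET for Android packaging conventions.

```python
import io
import re
import zipfile
# Entry names follow public .NET for Android packaging conventions; they are
# assumptions of this example and are not taken from the article.
DEX = re.compile(r"classes\d*\.dex")
STORE = re.compile(r"assemblies/assemblies(\.[\w-]+)?\.blob"
                   r"|lib/[^/]+/libassemblies\.[^/]+\.blob\.so")
LOOSE_DLL = re.compile(r"assemblies/.+\.dll")
RUNTIME = re.compile(r"lib/[^/]+/libmonodroid\.so")
STORE_MAGIC = b"XABA"  # assumed header magic of an assemblies.blob store

def triage_apk(apk):
    """Report where an APK keeps its code so a scanner can route it."""
    with zipfile.ZipFile(apk) as z:
        infos = z.infolist()
        managed = [i for i in infos if STORE.fullmatch(i.filename)
                   or LOOSE_DLL.fullmatch(i.filename)]
        runtime = any(RUNTIME.fullmatch(i.filename) for i in infos)
        # Only plain .blob stores start with the magic; .blob.so is ELF-wrapped.
        verified = [i.filename for i in managed if i.filename.endswith(".blob")
                    and z.open(i).read(4) == STORE_MAGIC]
        return {
            "mono_runtime": runtime,
            "dex_bytes": sum(i.file_size for i in infos
                             if DEX.fullmatch(i.filename)),
            "managed_bytes": sum(i.file_size for i in managed),
            "managed_entries": sorted(i.filename for i in managed),
            "verified_stores": verified,
            # DEX-only verdicts are incomplete if managed code or Mono ships.
            "needs_blob_inspection": bool(managed) or runtime,
        }

def build_sample(entries):
    """Constructed in-memory APK (not a real app) used as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return io.BytesIO(buf.getvalue())

MAUI_LIKE = {"classes.dex": b"dex\n035\0" + b"\0" * 56,
             "assemblies/assemblies.blob": STORE_MAGIC + b"\0" * 4096,
             "lib/arm64-v8a/libmonodroid.so": b"\x7fELF" + b"\0" * 60}
PLAIN = {"classes.dex": b"dex\n035\0" + b"\0" * 2048}

if __name__ == "__main__":
    for sample in (MAUI_LIKE, PLAIN):
        print(triage_apk(build_sample(sample)))
```

A large `managed_bytes` next to a small `dex_bytes` indicates that most of the app's logic sits where a DEX-focused scanner does not look.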
For attackers, embedding malicious code in the app from the start is more effective than delivering it later through an update. The blob format makes this possible, hiding the code from the moment the app is installed.
“Through these evasive techniques, the threats can persist concealed for extended durations, making the process of analysis and detection markedly arduous,” cautions McAfee in its blog post. “Moreover, the identification of numerous variations employing the same essential strategies implies that this type of malware is progressively becoming common.”
Securing Your Device: Counsel from Security Researchers
Be careful when downloading apps, particularly from sources other than official app stores. Researchers at McAfee found that “…these platforms are frequently exploited by offenders for disseminating malware. This concern is amplified in regions like China, where access to legitimate app stores is restricted, heightening users’ susceptibility to such threats.”
Because cybercriminals are quick to devise new techniques, McAfee strongly recommends that users “install security software on their devices and regularly update it.” Staying alert and applying robust security measures are essential to guarding against emerging threats.
