Researchers from McAfee's Mobile Research Team have found that cyber criminals are misusing the .NET MAUI framework to distribute malware. This malware is cleverly hidden in blob files, which traditional security solutions struggle to detect. The .NET MAUI framework, a successor to Xamarin, allows for app development across multiple platforms, yet its structure is being manipulated by attackers. Two notable examples include a fake banking app that targets Indian users and an advanced social media app that employs multi-stage loading techniques to covertly steal personal information from devices.
Researchers have uncovered that .NET MAUI is exploited by cyber criminals to hide malware within blob files, eluding traditional security detections.
The malware campaigns use C# within .NET MAUI to conceal core functionality in blob binaries, sidestepping typical security measures that focus solely on DEX files.
One identified malicious app masquerades as a banking application targeting Indian users, harvesting sensitive data directly through user interactions.
Another malware example showcased advanced evasion tactics, employing multi-stage dynamic loading to embed its payload. The app also siphons personal information through encrypted channels.
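For defenders, a first triage step is to check whether an APK ships managed code outside its DEX files. The sketch below is an added example, not McAfee's tooling or code from the report. The `XABA` store magic and the `.blob` / `.blob.so` entry suffixes are assumptions about the .NET for Android assembly-store layout, and the sample APK is constructed in memory.

```python
import io
import zipfile

DEX_MAGIC = b"dex\n"                   # standard Android DEX header prefix
STORE_MAGIC = b"XABA"                  # assumed .NET for Android assembly-store magic
BLOB_SUFFIXES = (".blob", ".blob.so")  # assumed assembly-store entry names


def triage_apk(apk_bytes: bytes) -> dict:
    """Split an APK's entries into DEX code and .NET assembly blobs."""
    dex, blobs = [], []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            with apk.open(info) as fh:
                head = fh.read(4)  # only the magic bytes are needed
            name = info.filename
            if head == DEX_MAGIC:
                dex.append((name, info.file_size))
            elif head == STORE_MAGIC or name.lower().endswith(BLOB_SUFFIXES):
                blobs.append((name, info.file_size))
    dex_size = sum(size for _, size in dex)
    blob_size = sum(size for _, size in blobs)
    return {
        "dex": dex,
        "blobs": blobs,
        # True means a DEX-only scan leaves part of the app's code unread.
        "needs_managed_code_analysis": bool(blobs),
        "blob_to_dex_ratio": round(blob_size / dex_size, 2) if dex_size else None,
    }


def build_sample_apk() -> bytes:
    """Constructed sample: a stub DEX plus a larger fake assembly store."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 92)
        z.writestr("assemblies/assemblies.blob", b"XABA" + b"\x00" * 396)
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_apk(build_sample_apk()))
```

A flagged APK is not malicious by itself, since legitimate .NET MAUI apps have the same layout; the flag only routes the sample to tooling that can unpack and inspect the .NET assemblies.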