New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI | McAfee Blog

The article discusses the emergence of malware campaigns utilizing .NET MAUI, a new cross-platform development framework, to evade detection and steal sensitive user information. These malicious apps disguise themselves as legitimate services and often target users from unofficial app stores or through phishing links. Recommendations for user protection against such threats are provided. Affected: mobile applications, cybersecurity sector, users in India, users in China

Key points:

  • Cybercriminals are using malware built with .NET MAUI to evade detection, disguising the apps as legitimate services.
  • Recent malware targets users in India and China, using various techniques to steal sensitive information.
  • The malware campaigns utilize blob binaries to hide malicious code, making detection difficult.
  • By employing multi-stage dynamic loading, these malware apps obscure their core functions from security software.
  • Malware is distributed primarily through unofficial app stores, often accessed via phishing links.
  • McAfee Mobile Security effectively detects these malicious applications as Android/FakeApp.
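A triage check for the blob-binary point above, as an added example that is not code from the McAfee article: it reports whether an APK's managed code sits outside the DEX files, so an analyst knows a DEX-only scan would miss it. The `XABA` store magic, the `assemblies/` layout and `.blob` naming are assumptions drawn from how .NET for Android packages assemblies, and the sample APK is constructed in memory.

```python
import io
import struct
import zipfile

# Assumption (not stated in the article): .NET for Android / MAUI builds pack
# managed DLLs into "assembly store" blobs whose header begins with b"XABA".
STORE_MAGIC = b"XABA"


def triage_apk(apk_bytes):
    """Report where an APK's code lives: DEX, assembly-store blobs, loose DLLs."""
    report = {"dex_bytes": 0, "stores": [], "loose_dlls": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename
            if name.endswith(".dex"):
                report["dex_bytes"] += info.file_size
            elif name.startswith("assemblies/") and name.endswith(".dll"):
                report["loose_dlls"].append(name)
            elif ".blob" in name.rsplit("/", 1)[-1]:
                data = apk.read(name)
                pos = data.find(STORE_MAGIC)  # the store may be wrapped in another container
                if pos >= 0 and len(data) >= pos + 8:
                    (version,) = struct.unpack_from("<I", data, pos + 4)
                    report["stores"].append({"name": name, "size": len(data),
                                             "magic_at": pos, "version_word": version})
    # If managed code is present, DEX-only static analysis sees only a thin loader.
    report["needs_dotnet_unpacking"] = bool(report["stores"] or report["loose_dlls"])
    return report


def build_sample_apk(with_store):
    """Constructed sample: a minimal ZIP shaped like an APK (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)
        if with_store:
            z.writestr("assemblies/assemblies.blob",
                       STORE_MAGIC + struct.pack("<I", 1) + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("maui-like", True), ("plain", False)):
        print(label, triage_apk(build_sample_apk(flag)))
```

An APK flagged with `needs_dotnet_unpacking` should have its assembly store extracted and the contained .NET assemblies decompiled before any verdict is drawn from the DEX alone.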

MITRE Techniques:

  • Technique: T1140 – Deobfuscate/Decode Files or Information; Procedure: Malware hides core functionalities in blob binaries to evade analysis.
  • Technique: T1064 – Scripting; Procedure: Uses C# scripts hidden within the app to collect and transmit user data.
  • Technique: T1071 – Application Layer Protocol; Procedure: Relies on TCP socket communication for data transmission to evade detection.
  • Technique: T1032 – Standard Cryptographic Protocol; Procedure: Uses encrypted communications to protect the data being sent to C2 servers.
  • Technique: T1070 – Indicator Removal on Host; Procedure: Manipulates AndroidManifest.xml with unnecessary permissions to disrupt automated scanning.

Indicators of Compromise:

  • [IP Address] 120.27.233.135
  • [URL] https://onlinedeskapi.com


Full Story: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui/