Summary: New Android malware campaigns built on Microsoft’s .NET MAUI framework have emerged, allowing attackers to disguise malicious apps as legitimate services and evade detection. These tactics, first reported by McAfee, pose a significant security risk, especially as targeting could expand beyond China and India. Multi-layered encryption and the storage of app logic in binary blob files further complicate detection.
Affected: Android users and app developers
Key points:
- Attackers are utilizing .NET MAUI to design Android apps that can bypass traditional security scans focusing on DEX files.
- Malware campaigns observed include fake banking and social media apps targeting users in regions with alternative app distribution methods.
- To minimize risks, users should avoid third-party APK downloads and ensure Google Play Protect is active on their devices.
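
As a triage aid for the DEX blind spot described above, this added example (not from McAfee's report) inventories where an APK's code actually lives so that blob-packed apps can be routed to a .NET-aware analysis step. The marker file names and blob suffixes are assumptions about how .NET for Android packages assemblies, and the sample APKs are constructed in memory.

```python
import io
import re
import zipfile

# Assumptions (not from the article): native runtime libraries and blob
# suffixes used by .NET for Android builds. Adjust for the builds you see.
RUNTIME_LIBS = ("libmonodroid.so", "libmonosgen-2.0.so")
BLOB_SUFFIXES = (".blob", ".blob.so")
DEX_NAME = re.compile(r"^classes\d*\.dex$")


def triage_apk(apk):
    """Inventory code containers in an APK given as a path or file object."""
    report = {"dex_bytes": 0, "blob_bytes": 0, "blobs": [], "runtime_libs": []}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            name = info.filename
            base = name.rsplit("/", 1)[-1]
            if DEX_NAME.match(name):
                # Root-level DEX files: what a DEX-focused scanner inspects.
                report["dex_bytes"] += info.file_size
            elif base.endswith(BLOB_SUFFIXES):
                # Assembly blobs: managed code a DEX-only scan never parses.
                report["blob_bytes"] += info.file_size
                report["blobs"].append(name)
            elif base in RUNTIME_LIBS:
                report["runtime_libs"].append(name)
    # Any blob or runtime library means DEX results alone are incomplete.
    report["needs_dotnet_review"] = bool(report["blobs"] or report["runtime_libs"])
    return report


def build_sample(entries):
    """Build a constructed APK-like ZIP in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample({
        "classes.dex": b"d" * 100,                     # thin DEX stub
        "assemblies/assemblies.blob": b"x" * 5000,     # constructed blob
        "lib/arm64-v8a/libmonodroid.so": b"s" * 10,
    })
    print(triage_apk(sample))
```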