New Android malware is using Microsoft’s .NET MAUI to fly under the radar in a new cybersecurity dust-up this week. Disguised as actual services such as banking and social media apps targeting Indian and Chinese-speaking users, the malware is designed to gain access to sensitive information.
Cybersecurity experts with McAfee’s Mobile Research Team say that, while the threat is currently aimed at China and India, other cybercriminal groups could easily adopt the same method to target a broader audience.
.NET MAUI’s hidden danger: Bypassing security
Microsoft launched .NET MAUI in 2022, a framework that lets developers build apps for both desktops and phones using C#, replacing the now retired Xamarin tool. The intent of .NET MAUI was to make it easier to create apps that work across different platforms.
Typically, Android apps are built with Java or Kotlin, and their code is stored in a format called DEX (Dalvik Executable); Android security systems are designed to scan these DEX files for anything weird-looking. However, .NET MAUI allows developers to build Android apps with C#, and in this case, the app’s code ends up in binary “blob” files.
Malware’s evolving tactics: The blob advantage
These Binary Large Object or “blob” files are essentially raw chunks of data that do not necessarily follow any standard file structure. The issue here is that many current Android security tools — built to analyze DEX files — do not inspect the inner contents of these blob files; this creates a significant security blind spot, as malware can be quietly embedded inside these blobs.
For cybercriminals, embedding malicious code from the outset is far more effective than waiting to deploy it through an update. The ‘blob’ format enables this kind of stealthy, immediate attack.
“With these evasion techniques, the threats can remain hidden for long periods, making analysis and detection significantly more challenging,” warns McAfee in its blog post on the subject. “Furthermore, the discovery of multiple variants using the same core techniques suggests that this type of malware is becoming increasingly common.”
SEE: Scam Alert: FBI ‘Increasingly Seeing’ Malware Distributed In Document Converters
Protecting your device: Security researchers’ advice
It’s always important to be careful where you get your apps from, especially if you’re not using the official app stores. McAfee researchers have found that “…these platforms are often exploited by attackers to distribute malware. This is especially concerning in countries like China, where access to official app stores is restricted, making users more vulnerable to such threats.”
To deal with how quickly cybercriminals come up with new tricks, McAfee strongly suggests that users “install security software on their devices and keep it up to date at all times.” Basically, staying alert and having good security in place are the baseline measures to stay safe from new threats.
