New Android malware uses Microsoft’s .NET MAUI to evade detection

New Android malware campaigns use Microsoft's cross-platform framework .NET MAUI while disguising as legitimate services to evade detection. The tactic was observed by McAfee's Mobile Research Team, a member of the App Defense Alliance dedicated to enhancing Android security. Although the apps McAfee observed target users in China and India, uncovering the attacks is important as the targeting scope could broaden, and the same tactic may be adopted by other cybercriminals soon. Using .NET MAUI on Android Launched in 2022, .NET MAUI is an app development framework in C#, introduced by Microsoft as a replacement to Xamarin, supporting both desktop and mobile platforms. Typically, Android apps are written in Java/Kotlin and store the code in DEX format, but it's technically possible to use .NET MAUI to build an Android app in C# with the app's logic stored inside binary blob files. Contemporary Android security tools are designed to scan DEX files for suspicious logic and do not exa ... Read full article.