{"id":1006,"date":"2025-03-28T06:31:03","date_gmt":"2025-03-28T06:31:03","guid":{"rendered":"https:\/\/www.batteryone.co\/blog\/?p=1006"},"modified":"2025-03-28T06:31:03","modified_gmt":"2025-03-28T06:31:03","slug":"new-android-malware-uses-net-maui-to-evade-detection-and-target-users","status":"publish","type":"post","link":"https:\/\/www.batteryone.co\/blog\/archives\/1006","title":{"rendered":"New Android Malware Uses .NET MAUI to Evade Detection and Target Users"},"content":{"rendered":"\n<p>A new form of Android malware has been discovered this week, using&nbsp;<strong>Microsoft\u2019s .NET MAUI<\/strong>&nbsp;framework to evade traditional security detection. Disguised as legitimate services, such as banking and social media apps targeting Indian and Chinese-speaking users, the malware aims to steal sensitive information.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/assets.techrepublic.com\/uploads\/2025\/03\/motorola-amz-mar-25-1-370x478.jpg\" alt=\"\"\/><\/figure>\n\n\n\n<p>Experts from McAfee&#8217;s Mobile Research Team state that, although the malware is currently focused on China and India, other cybercriminal groups could easily adopt this technique to target a wider range of users globally.<\/p>\n\n\n\n<p>&gt;&gt;&gt;<a href=\"https:\/\/www.batteryone.co\/detail\/1747288\/BVSM-340\">BVSM-340 Replacement Battery for Vsmart Star 4<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">.NET MAUI\u2019s Hidden Danger: Bypassing Security<\/h2>\n\n\n\n<p>Microsoft introduced&nbsp;<strong>.NET MAUI<\/strong>&nbsp;in 2022 as a framework designed to simplify app development across both desktop and mobile platforms using&nbsp;<strong>C#<\/strong>, replacing the now-retired Xamarin tool. The framework\u2019s purpose is to make cross-platform app development more seamless and efficient.<\/p>\n\n\n\n<p>Traditionally, Android apps are developed using Java or Kotlin, with the resulting code stored in&nbsp;<strong>DEX (Dalvik Executable)<\/strong>&nbsp;files. These DEX files are closely scrutinized by Android\u2019s security systems for any signs of suspicious code. However, .NET MAUI allows developers to build Android apps with C#, and this results in the app\u2019s code being stored in&nbsp;<strong>binary \u201cblob\u201d files<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Blob Advantage: Malware\u2019s Evolving Tactics<\/h2>\n\n\n\n<p>These&nbsp;<strong>Binary Large Object (BLOB) files<\/strong>&nbsp;are essentially raw data chunks that do not follow a standardized file structure. The problem is that many Android security tools, designed to scan DEX files, fail to examine the inner contents of these BLOB files. As a result, a significant security blind spot is created, allowing malware to be hidden inside the blob without detection.<\/p>\n\n\n\n<p>For cybercriminals, embedding malicious code directly into these blob files is more efficient than waiting to deploy it through updates. This format allows for stealthy, immediate attacks that are much harder to detect.<\/p>\n\n\n\n<p>&gt;&gt;&gt;<a href=\"https:\/\/www.batteryone.co\/detail\/1747292\/ER6\">ER6 Replacement Battery for Maxell ER6<\/a><\/p>\n\n\n\n<p>McAfee warns that with these&nbsp;<strong>evasion techniques<\/strong>, malware can remain hidden for extended periods, making it significantly harder to analyze and identify. The discovery of multiple malware variants using the same core technique suggests that this method is becoming increasingly common among cybercriminals.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new form of Android malware has been discovered this week, using&nbsp;Microsoft\u2019s .NET MAUI&nbsp;framework to evade traditional security detection. Disguised as legitimate services, such as banking and social media apps targeting Indian and Chinese-speaking users, the malware aims to steal sensitive information. Experts from McAfee&#8217;s Mobile Research Team state that, although the malware is currently [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[19],"class_list":["post-1006","post","type-post","status-publish","format-standard","hentry","category-news","tag-smartphone"],"_links":{"self":[{"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/posts\/1006","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/comments?post=1006"}],"version-history":[{"count":1,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/posts\/1006\/revisions"}],"predecessor-version":[{"id":1007,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/posts\/1006\/revisions\/1007"}],"wp:attachment":[{"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/media?parent=1006"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/categories?post=1006"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/tags?post=1006"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}