Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection

New Android malware uses Microsoft's .NET MAUI to fly under the radar in a new cybersecurity dust-up this week. Disguised as legitimate services such as banking and social media applications and targeting Indian and Chinese users, the malware is designed to access sensitive information.
Cybersecurity experts from McAfee’s mobile research team say that, although the threat is currently aimed at China and India, other cybercriminal groups could easily adopt the same method to target a wider audience.
Hidden danger of .NET MAUI: Bypassing security
Microsoft launched .NET MAUI in 2022, a framework that allows developers to create applications for desktop computers and phones using C#, replacing the now-retired Xamarin tool. The intention of .NET MAUI was to make it easier to create applications that work across different platforms.
As a rule, Android applications are built with Java or Kotlin, and their code is stored in a format called DEX (Dalvik Executable); Android security systems are designed to scan these DEX files for anything suspicious. However, .NET MAUI allows developers to create Android applications with C#, and in this case the application code ends up in binary “blob” files.
Evolving malware tactics: the blob advantage
These binary large object files, or “blobs”, are essentially raw chunks of data that do not necessarily follow a standard file structure. The problem is that many current Android security tools, designed to analyze DEX files, do not inspect the contents of these blob files. This creates a significant security blind spot, as malicious code can be quietly embedded inside the blobs.
For cybercriminals, embedding the malicious code from the start is much more effective than waiting to deploy it via an update. The “blob” format allows this kind of immediate attack.
“With these escape techniques, threats can remain hidden for long periods, which makes analysis and detection much more difficult,” warns McAfee in its blog article on the subject. “In addition, the discovery of several variants using the same basic techniques suggests that this type of malware becomes more and more common.”
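To make the blind spot concrete, the following added example (not code from McAfee or from the article) triages an APK by listing its DEX files separately from managed .NET code containers that a DEX-only scanner would never open. The `XABA` store magic, the `assemblies` blob naming heuristic and the sample APK contents are assumptions drawn from the general .NET for Android packaging layout, not from this page.

```python
import io
import struct
import zipfile

# Assumed markers (not from the article): .NET for Android packs managed
# assemblies into "assembly store" blobs starting with the ASCII magic XABA;
# older Xamarin-style builds may ship loose DLLs (PE files, magic "MZ").
STORE_MAGIC = b"XABA"
PE_MAGIC = b"MZ"


def classify_apk(apk_bytes):
    """Return {'dex': [...], 'managed': [...]} listing code containers in an APK."""
    report = {"dex": [], "managed": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename
            base = name.rsplit("/", 1)[-1].lower()
            with apk.open(info) as fh:
                head = fh.read(4)
            if base.endswith(".dex") and head == b"dex\n":
                report["dex"].append(name)
            elif head == STORE_MAGIC or ("assemblies" in base and ".blob" in base):
                # Name heuristic covers stores wrapped in another container.
                report["managed"].append((name, "assembly store blob"))
            elif base.endswith(".dll") and head[:2] == PE_MAGIC:
                report["managed"].append((name, "loose .NET assembly"))
    return report


def needs_managed_code_review(report):
    """True when the APK carries logic that a DEX-only scanner never reads."""
    return bool(report["managed"])


def build_sample_apk():
    """Constructed sample: a stub classes.dex plus a fake assembly store."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 24)
        z.writestr("assemblies/assemblies.blob",
                   STORE_MAGIC + struct.pack("<III", 1, 1, 1) + b"\x00" * 16)
        z.writestr("res/raw/notes.txt", b"hello")
    return buf.getvalue()


if __name__ == "__main__":
    rep = classify_apk(build_sample_apk())
    print(rep, "managed code present:", needs_managed_code_review(rep))
```

A hit from `needs_managed_code_review` only means the package should be routed to a .NET-aware unpacker or analyst; it says nothing about whether the managed code is malicious.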
Protect your device: advice from safety researchers
It is always important to be careful where you get your applications, especially if you do not use official application stores. McAfee researchers found that “… these platforms are often exploited by attackers to distribute malicious software.”
To keep up with the speed at which cybercriminals come up with new tricks, McAfee strongly suggests that users “install security software on their devices and keep it up to date”. Basically, staying vigilant and having good security in place are the standard measures for staying clear of new threats.