Threat actors exploited Microsoft's .NET MAUI cross-platform development framework to craft fake apps, Infosecurity Magazine reports. The apps masquerade as legitimate services, facilitating covert compromise in new Android malware campaigns.
Android device users in India have been targeted with an attack involving a bogus IndusInd Bank app that lures users into entering their personal and financial information, which is later exfiltrated to the threat actors' command-and-control server, according to a McAfee report.
Chinese users have been subjected to an intrusion involving a fraudulent social networking site that enabled a multi-stage malware compromise to further evade detection. These campaigns should prompt Android and other mobile users to be vigilant and wary of apps seeking excessive permissions, to use security software, and to download apps from official app marketplaces, said McAfee researchers.
"To keep up with the rapid evolution of cyber-criminal tactics, users are strongly advised to install security software on their devices and keep it up to date at all times," noted McAfee.
A Google spokesperson addressed the claim, saying, "Based on our current detection, no apps containing this malware are found on Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."