Just a sample of the Echomail archive
Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.
|    CONSPRCY    |    How big is your tinfoil hat?    |    2,445 messages    |
|    Message 969 of 2,445    |
|    Mike Powell to All    |
|    New Android malware uses    |
|    27 Mar 25 09:46:00    |
TZUTC: -0500
MSGID: 690.consprcy@1:2320/105 2c4a9e3d
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1

Devious new Android malware uses a Microsoft tool to avoid being spotted

Date: Wed, 26 Mar 2025 14:26:00 +0000

Description: McAfee found at least two apps being used to steal sensitive data.

FULL STORY

Cybercriminals are abusing a legitimate Windows tool to create malicious Android applications and steal their sensitive information, experts have claimed.

Security researchers from McAfee showcased two examples caught in the wild, claiming an unknown threat actor was abusing .NET MAUI, a cross-platform development framework to create Android malware capable of evading detection.

These threats disguise themselves as legitimate apps, targeting users to steal sensitive information, the report states.

Phishing and fake app stores

There were multiple ways .NET MAUI was used to bypass security protections, McAfee further explained.

For one, the attackers were hiding the dangerous code inside a hidden storage area (blob files) where most antivirus programs don't usually look.

Then, they used multi-stage dynamic loading (apps were loading small pieces of code one at a time, decrypting them as they go), to make it harder for security software to figure out what was going on.

Furthermore, they added unnecessary settings and permissions in the apps' files to confuse security scanners, and instead of using normal internet requests that security tools can monitor, these fake apps use encrypted messages and direct connections to send stolen data to the hackers.

The malicious apps were not present on any of the reputable app repositories, such as the Google Play Store. Instead, they were found on unofficial app stores, to which victims get redirected via phishing links and similar scams.

Among the malicious apps McAfee discovered a fake bank app and a fake SNS app targeting the Chinese-speaking community.

Both apps were tasked with silently stealing data and exfiltrating it to the attacker-owned C2 server.

As usual, the best way to defend against such threats is to only download apps from official repositories, and even then - being careful, reading reviews and other reports.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/devious-new-android-malware-uses-a-microsoft-tool-to-avoid-being-spotted

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30
SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426
(c) 1994, bbs@darkrealms.ca