We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

Devious new Android malware uses a Microsoft tool to avoid being spotted

March 26, 2025

Cybercriminals are increasingly leveraging legitimate software tools to craft deceptive Android applications aimed at pilfering sensitive user information. Recent findings from McAfee reveal that hackers are exploiting .NET MAUI, a cross-platform development framework, to develop sophisticated malware that can evade detection by conventional antivirus programs.

In their investigation, McAfee researchers identified two specific instances of this malicious activity, highlighting the ingenuity of an unidentified threat actor. The malware operates through a multi-stage dynamic loading process, where the applications load small segments of code incrementally, decrypting them as they progress. This method complicates the ability of security software to discern the true nature of the applications.

To further obfuscate their intentions, the hackers have incorporated extraneous settings and permissions within the app files, creating confusion for security scanners. Rather than utilizing standard internet requests that could be monitored by security tools, these fraudulent applications employ encrypted communications and direct connections to transmit stolen data back to the hackers.

Distribution Channels and Targeted Demographics

Notably, these malicious applications are conspicuously absent from reputable app repositories like the Google Play Store. Instead, they circulate through unofficial app stores, often accessed by unsuspecting victims via phishing links and other deceptive tactics. Among the identified threats are a counterfeit banking application and a fraudulent social networking service (SNS) app, both targeting the Chinese-speaking community.

The primary objective of these apps is to stealthily extract and exfiltrate user data to servers controlled by the attackers. As the landscape of cyber threats continues to evolve, experts emphasize the importance of vigilance. Users are advised to download applications solely from official repositories and to exercise caution by reviewing user feedback and reports before installation.

AppWizard
Devious new Android malware uses a Microsoft tool to avoid being spotted