{"id":580,"date":"2025-03-27T20:05:01","date_gmt":"2025-03-27T20:05:01","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4300153"},"modified":"2025-03-27T20:05:01","modified_gmt":"2025-03-27T20:05:01","slug":"android-malware-exploits-a-microsoft-related-security-blind-spot-to-avoid-detection","status":"publish","type":"post","link":"https:\/\/blog.tecnoartesanos.com\/index.php\/2025\/03\/27\/android-malware-exploits-a-microsoft-related-security-blind-spot-to-avoid-detection\/","title":{"rendered":"Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection"},"content":{"rendered":"
\"Motorola
This Motorola Moto G Power 5G shows the midnight blue color option. Image: Amazon<\/figcaption><\/figure>\n

New Android malware is using Microsoft\u2019s .NET MAUI to fly under the radar in a new cybersecurity dust-up this week. Disguised as actual services such as banking and social media apps targeting Indian and Chinese-speaking users, the malware is designed to gain access to sensitive information.<\/p>\n

Cybersecurity experts with McAfee\u2019s Mobile Research Team say that, while the threat is currently aimed at China and India, other cybercriminal groups could easily adopt the same method to target a broader audience.<\/p>\n

<\/span>.NET MAUI\u2019s hidden danger: Bypassing security<\/span><\/h2>\n

Microsoft launched .NET MAUI in 2022, a framework that lets developers build apps for both desktops and phones using C#, replacing the now retired Xamarin tool. The intent of .NET MAUI was to make it easier to create apps that work across different platforms.<\/p>\n

Typically, Android apps are built with Java or Kotlin, and their code is stored in a format called DEX (Dalvik Executable); Android security systems are designed to scan these DEX files for anything weird-looking. However, .NET MAUI allows developers to build Android apps with C#, and in this case, the app\u2019s code ends up in binary \u201cblob\u201d files.<\/p>\n

<\/span>Malware\u2019s evolving tactics: The blob advantage<\/span><\/h2>\n

These Binary Large Object or \u201cblob\u201d files are essentially raw chunks of data that do not necessarily follow any standard file structure. The issue here is that many current Android security tools \u2014 built to analyze DEX files \u2014 do not inspect the inner contents of these blob files; this creates a significant security blind spot, as malware can be quietly embedded inside these blobs.<\/p>\n

For cybercriminals, embedding malicious code from the outset is far more effective than waiting to deploy it through an update. The \u2018blob\u2019 format enables this kind of stealthy, immediate attack.<\/p>\n

\u201cWith these evasion techniques, the threats can remain hidden for long periods, making analysis and detection significantly more challenging,\u201d warns McAfee<\/a> in its blog post on the subject. \u201cFurthermore, the discovery of multiple variants using the same core techniques suggests that this type of malware is becoming increasingly common.\u201d<\/p>\n

SEE: Scam Alert: FBI \u2018Increasingly Seeing\u2019 Malware Distributed In Document Converters<\/a><\/strong><\/p>\n