Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection

Android Malware Exploits a Microsoft-related Security Blind Spot to Avoid Detection

Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection

Home » News » Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection
Table of Contents
Motorola Moto G Power 5g.
this motorola moto g energy 5g exhibits the midnight blue coloration choice picture amazon

New Android malware is utilizing Microsoft’s .NET MAUI to fly below the radar in a brand new cybersecurity dust-up this week. Disguised as precise providers akin to banking and social media apps focusing on Indian and Chinese language-speaking customers, the malware is designed to realize entry to delicate data.

Cybersecurity specialists with McAfee’s Cellular Analysis Workforce say that, whereas the risk is at the moment geared toward China and India, different cybercriminal teams may simply undertake the identical technique to focus on a broader viewers.

.NET MAUI’s hidden hazard: Bypassing safety

Microsoft launched .NET MAUI in 2022, a framework that lets builders construct apps for each desktops and telephones utilizing C#, changing the now retired Xamarin software. The intent of .NET MAUI was to make it simpler to create apps that work throughout totally different platforms.

Usually, Android apps are constructed with Java or Kotlin, and their code is saved in a format referred to as DEX (Dalvik Executable); Android safety methods are designed to scan these DEX information for something weird-looking. Nevertheless, .NET MAUI permits builders to construct Android apps with C#, and on this case, the app’s code results in binary “blob” information.

Malware’s evolving techniques: The blob benefit

These Binary Massive Object or “blob” information are basically uncooked chunks of knowledge that don’t essentially comply with any commonplace file construction. The difficulty right here is that many present Android safety instruments — constructed to research DEX information — don’t examine the internal contents of those blob information; this creates a big safety blind spot, as malware may be quietly embedded inside these blobs.

For cybercriminals, embedding malicious code from the outset is way simpler than ready to deploy it by way of an replace. The ‘blob’ format allows this sort of stealthy, speedy assault.

“With these evasion strategies, the threats can stay hidden for lengthy durations, making evaluation and detection considerably more difficult,” warns McAfee in its weblog put up on the topic. “Moreover, the invention of a number of variants utilizing the identical core strategies means that this kind of malware is changing into more and more frequent.”

SEE: Rip-off Alert: FBI ‘More and more Seeing’ Malware Distributed In Doc Converters

Defending your system: Safety researchers’ recommendation

It’s at all times vital to watch out the place you get your apps from, particularly in case you’re not utilizing the official app shops. McAfee researchers have discovered that “…these platforms are sometimes exploited by attackers to distribute malware. That is particularly regarding in nations like China, the place entry to official app shops is restricted, making customers extra susceptible to such threats.”

To cope with how rapidly cybercriminals provide you with new tips, McAfee strongly means that customers “set up safety software program on their units and preserve it updated always.” Mainly, staying alert and having good safety in place are the baseline measures to remain protected from new threats.

author avatar
roosho Senior Engineer (Technical Services)
I am Rakib Raihan RooSho, Jack of all IT Trades. You got it right. Good for nothing. I try a lot of things and fail more than that. That's how I learn. Whenever I succeed, I note that in my cookbook. Eventually, that became my blog. 
share this article.

Enjoying my articles?

Sign up to get new content delivered straight to your inbox.

Please enable JavaScript in your browser to complete this form.
Name