Hackers use .NET MAUI to target Indian and Chinese users with fake banking and social apps


March 25, 2025Ravi LakshmananMobile Security/Data Theft


Cybersecurity researchers have drawn attention to Android malware campaigns that leverage Microsoft’s .NET Multi-Platform Apps UI (.NET MAUI) framework to create fake banking and social media apps targeting Indian and Chinese users.

“These threats hide themselves in legitimate apps and target users to steal sensitive information,” said Dexter Shin, researcher at McAfee Labs.

.NET MAUI is Microsoft’s cross-platform desktop and mobile app framework for creating native applications using C# and XAML. It represents the evolution of Xamarin, with the added ability to not only create multi-platform apps using a single project, but also incorporate platform-specific source code when needed.

It is worth noting that official support for Xamarin ended on May 1, 2024, and the tech giant has encouraged developers to move to .NET MAUI.


Android malware implemented using Xamarin has been detected in the past, but the latest development signals that threat actors continue to adapt and refine their tactics by developing new malware using .NET MAUI.

“These apps have core functionality written entirely in C# and stored as blob binaries,” Shin said. “This means that unlike traditional Android apps, those features are not present in DEX files or native libraries.”

This gives threat actors a new advantage: .NET MAUI acts as a packer, allowing malicious artifacts to evade detection and persist on victim devices for a long time.

The .NET MAUI-based Android apps are collectively codenamed FakeApp, and their associated package names are listed below.


  • x (pkprig.cljobo)
  • Mikujo (pkdhcg.ceongl)
  • x (pdhe3s.cxbdxz)
  • x (ppl74t.cgddfk)
  • upid (pommnc.cstgat)
  • x (pinuu.cbb8ak)
  • Personal secret (pbonci.cuvnxz)
  • x•gdn (pbonci.ckhe.ckhe.ckhe.ckhe.ckhe. (pcdhcg.ceongl)
  • Microcosm (p9z2ej.cplkqv)
  • x (pdxatr.c9c6j7)
  • Mikujo (pg92li.cdbrq7)
  • Iren (pzqa70.cfzo30)

There is no evidence that these apps are distributed through Google Play. Rather, the main propagation vector involves tricking users into clicking on fake links sent via messaging apps, which redirect the unsuspecting recipients to unofficial app stores.


In one example highlighted by McAfee, the app disguises itself as an Indian financial institution to collect sensitive information about users, such as their full name, mobile phone number, email address, date of birth, residential address, credit card number, and government-issued identifiers.

Another app mimics social media site X and steals contacts, SMS messages, and photos from victim devices. The app is primarily targeted at Chinese-speaking users through third-party websites or alternative app stores.

In addition to sending harvested data to a command-and-control (C2) server over encrypted socket communication, the malware has been observed including some meaningless permissions (such as “android.permission.lhssziw6q”) in the AndroidManifest.xml file in an attempt to break analysis tools.

To remain undetected, it also uses a technique called multi-stage dynamic loading: an XOR-encrypted loader is responsible for launching an AES-encrypted payload, which in turn loads the .NET MAUI assemblies designed to run the malware.

“The main payload is ultimately hidden within C# code,” Shin said. “When a user interacts with an app, such as pressing a button, the malware quietly steals data and sends it to the C2 server.”
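For defenders, the two traits described above (app logic held in a .NET blob rather than in DEX, and meaningless permissions in the manifest) can be checked during APK triage. The following is an added example, not code from McAfee or the article; the assembly-store file names, the `XABA` magic and the uppercase-permission heuristic are assumptions drawn from general knowledge of .NET for Android packaging, and the sample APK is constructed.

```python
import io
import re
import zipfile

# Assembly-store file names and magic come from general knowledge of how
# .NET for Android packages managed code, not from the article.
BLOB_NAME = re.compile(r"(^|/)(lib)?assemblies(\.[\w-]+)?\.blob(\.so)?$")
STORE_MAGIC = b"XABA"
PERM = re.compile(r"android\.permission\.([A-Za-z0-9_]+)")

def manifest_permissions(raw: bytes) -> set:
    """Collect android.permission.* strings from a compiled manifest, whose
    string pool is either UTF-8 or UTF-16LE."""
    text = raw.decode("latin-1") + raw.decode("utf-16-le", errors="ignore")
    return {m.group(0) for m in PERM.finditer(text)}

def triage_apk(apk_bytes: bytes) -> dict:
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = apk.namelist()
        blobs = [n for n in names if BLOB_NAME.search(n)]
        magic = any(STORE_MAGIC in apk.read(n) for n in blobs)
        perms = set()
        if "AndroidManifest.xml" in names:
            perms = manifest_permissions(apk.read("AndroidManifest.xml"))
    # Assumed heuristic: platform permissions are UPPER_SNAKE_CASE, so any
    # other suffix in the android.permission namespace is worth a look.
    odd = sorted(p for p in perms
                 if not re.fullmatch(r"[A-Z0-9_]+", p.rsplit(".", 1)[1]))
    return {
        "dex_files": [n for n in names if n.endswith(".dex")],
        "dotnet_blobs": blobs,   # logic here is invisible to DEX-only scanners
        "store_magic": magic,
        "odd_permissions": odd,
    }

def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK; not a real sample or real manifest."""
    pool = "\0".join(["android.permission.INTERNET",
                      "android.permission.READ_SMS",
                      "android.permission.lhssziw6q"]) + "\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + pool.encode("utf-16-le"))
        z.writestr("classes.dex", b"dex\n035\x00")
        z.writestr("assemblies/assemblies.blob", STORE_MAGIC + b"\x00" * 16)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_apk(build_sample_apk()))
```

A non-empty `dotnet_blobs` result is not malicious on its own, since legitimate .NET MAUI apps ship the same store; it only tells the analyst that the assemblies must be unpacked and reviewed alongside the DEX code.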
