Fake Banking And Social Apps Steal User Data Using .NET MAUI


  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Cybercriminals are using a new tactic to spread Android malware: building it with Microsoft’s .NET MAUI framework.

In a rush? Here are the quick facts:

  • Malicious apps steal banking details and personal data from users.
  • Multi-stage encryption helps malware evade security scans.
  • Malware spreads through unofficial app stores and phishing links.

The McAfee Mobile Research Team discovered malware campaigns that use .NET MAUI to evade detection systems, allowing deceptive malicious applications to extract user information.

.NET MAUI is Microsoft's replacement for Xamarin. It lets developers build cross-platform applications that run on Android and iOS as well as Windows and macOS.

Criminals use the framework to hide their malicious code inside encrypted files, which makes detection by antivirus systems challenging.

The research team identified two separate malware campaigns that used .NET MAUI to disguise themselves as a banking application and a social media platform.

The fake banking application prompted users in India to provide personal and financial information when they launched it. The sensitive information collected from victims is sent to a server operated by the attackers.

The malware remains undetectable by traditional security tools because its harmful code exists within hidden files instead of standard Android components.

The second malware disguises itself as a social media application to deceive Chinese-speaking users. It uses complex multi-layer encryption, which protects its malicious activities and conceals its actual harmful functions.

This malware steals contacts, messages, and photos without alerting security scanners. It manipulates Android permission files to fool the scanners, and it encrypts the stolen data before the attackers retrieve it.

The malware variants stay undiscovered for extended periods because of their advanced evasion techniques. Excessive obfuscation, such as manipulating permission settings with meaningless code, confuses security tools and disrupts analysis.
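As an added illustration of the permission manipulation described above (this is not code from McAfee or from this article), the following Python example triages a decoded AndroidManifest.xml and flags the case where sensitive permissions sit among junk entries. Assumptions: "permission files" refers to the manifest's `<uses-permission>` entries, the manifest has already been decoded to text XML (for example with apktool), and the sample manifest, naming heuristic and 25% threshold are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Heuristic (assumption): real permissions are dotted names ending in UPPER_SNAKE_CASE.
DOTTED = re.compile(r"[A-Za-z_]\w*(\.[A-Za-z_]\w*)+", re.ASCII)
UPPER_SNAKE = re.compile(r"[A-Z][A-Z0-9_]*")
# Permissions covering the data the article says is stolen (contacts, messages, photos).
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES",
}

# Constructed sample manifest; the junk names are made up for this example.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
  <uses-permission android:name="xkqzvw.pmtrbd.QwErTy19zx"/>
  <uses-permission android:name="android.permission.lJhgfRtyuUiop"/>
  <uses-permission android:name="zz91 bad name"/>
</manifest>"""

def triage_manifest(manifest_xml, junk_ratio_limit=0.25):
    """Report junk and sensitive <uses-permission> entries in a decoded manifest."""
    # For manifests from untrusted APKs, a hardened parser such as defusedxml is safer.
    root = ET.fromstring(manifest_xml)
    names = [n.get(ANDROID_NS + "name", "") for n in root.iter("uses-permission")]
    junk = [
        name for name in names
        if not DOTTED.fullmatch(name)
        or not UPPER_SNAKE.fullmatch(name.rsplit(".", 1)[-1])
    ]
    sensitive = sorted(set(names) & SENSITIVE)
    ratio = len(junk) / len(names) if names else 0.0
    # Flag only when sensitive permissions are mixed in with a lot of junk.
    suspicious = ratio >= junk_ratio_limit and bool(sensitive)
    return {"total": len(names), "junk": junk,
            "sensitive": sensitive, "suspicious": suspicious}

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A flagged manifest is a reason to analyse the app further, not a verdict: legitimate apps can declare vendor-specific permissions that break the naming convention.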

In light of these findings, people who want to avoid becoming victims should exercise extreme caution when downloading mobile applications from unknown sources.

Google To Hide Android OS Development From Public, Citing Efficiency Needs


  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Google has announced that all future Android development will take place internally, without public-facing repositories.

In a rush? Here are the quick facts:

  • Google will develop Android privately but still release its source code after official launches.
  • Android Open Source Project (AOSP) will no longer provide real-time development updates.
  • Independent developers and custom ROM creators will face challenges tracking Android updates.

This means that while Android remains open-source, external developers will no longer have real-time insight into its development process, as first reported by Android Authority (AA).

Previously, Google maintained two main branches of Android: the Android Open Source Project (AOSP), which was public, and an internal private branch. The Bluetooth stack was developed in public, but the core OS features were developed internally, noted AA.

However, maintaining both branches was quite complicated and sometimes resulted in merge conflicts. Google states that developing the operating system in-house will help speed up development and eliminate some inefficiencies, as reported by AA.

According to the company, their “aim is to focus attention on the current stable version of the Android source code while we create the next version of the platform. This allows developers and OEMs to use a single version without tracking unfinished future work just to keep up.”

The change will not affect the availability of Android’s source code. Google will continue publishing updates after every official release, so when Android 16 launches later this year, its source code will be made public, as noted by AA.

The Linux kernel fork used in Android is also open source due to the GPLv2 license, which requires source code disclosure, says AA.

The change will not affect the average Android user in any way. The process of updating devices will not change, and app developers will not be affected, as they work with final releases of the code rather than code in development, says AA.

But for independent developers who contribute to AOSP or create custom ROMs such as LineageOS, this change may be a challenge. Previously, they could see what Google was working on in real time through AOSP updates, but now they will have to wait for full version releases, as noted by AA.

The change will also be a problem for tech reporters and analysts who have used AOSP commits to find out about upcoming features. Leaks such as the discovery of the Pixel’s webcam feature and hints of when Android 16 would be released were made possible by AOSP code changes, as noted by AA.

Such information will become difficult to come by now that development is taking place behind the scenes. Although this raises a transparency problem, Google explains that the decision was made to improve the development of Android in the long run.

We expect more information about the change when Google makes its official announcement later this week.