New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI

    Date: 03/26/2025

    Severity: Medium

    Summary

    "New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI" discusses how cybercriminals are exploiting the .NET MAUI framework to create malware that bypasses security measures. These threats disguise themselves as legitimate apps to steal sensitive information. The blog highlights the malware's evasion techniques and provides recommendations for staying protected.

    Indicators of Compromise (IOC) List

    URL/Domain

    https://onlinedeskapi.com 

    IP Address

    120.27.233.135

    Hash


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    domainname like "https://onlinedeskapi.com" or siteurl like "https://onlinedeskapi.com"

    Detection Query 2

    dstipaddress IN ("120.27.233.135") or ipaddress IN ("120.27.233.135") or publicipaddress IN ("120.27.233.135") or srcipaddress IN ("120.27.233.135")

    Detection Query 3

    sha256hash IN ("157a896e9876f309241371e4470b5e32fa26c857aabf8c8ff89e71bd78b99263","04139634480530a8565b4725b835b3c62684b8213c34f243b27ea6cee16861d9","345eef06415790547537f434ba5a609e0eae805b282b3f9f916cc31b372c5dac","e3e161277f820ab1277d25662f7e9da6ed36f7697881b8c6110682e9d043ac8f","04b8902831ea4546d84146ba8dbf84656577656c43f41b09c5f6ce0b78cel6f6","16dl76c09531da744093b90f223018370bel0e8ad60edd74f84cbf16cb49e9b3","510a87bb9636d7a7Ibcac6a2158d4fa6abbefbcll5a0eadc9b1b43al0e9f14bb","f70731d175739ae22e7b49cf9f0752dfa405d7f3ceae3a4b8a5c903185dOf2dc","3c0d692f399aa40eac26c6e0754bf9612a46947a4adde5laef66a50ab3769ba3","7f6becb9f08221a66105276e46900eac7d397c2d09ececaflb9b3532e5a8bcl2","16d176c09531da744093b90f223018370bel0e8ad60edd74f84cbf16cb49e9b3","22f14ea4e540a695b97ce4518b6e5a6989565ce90c8601d38634ed5f865d85lf","53e949092874f32c2ff395alldff36ef69723b76ea44a5888c636bblee5f957c","eda4f8b6adc8b71d30b97f910880953317494547belaa99405096c14ce8e9e96","eee469a0cf48f94e15d7f84c750cd820a46b6ae8211baed9023bcce446eac8e2","0f5568d9eall97e88b22d042d9d2b39c505ba062c63bf74b909cef8041c97086")

    Reference:  

    https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui/       


    Tags

    Malware, Android, .NET
