Infosecurity Magazine reports that threat actors have exploited Microsoft's .NET MAUI cross-platform development framework to craft fake apps masquerading as legitimate services that facilitate covert compromise in new Android malware campaigns.
Android device users in India have been targeted with an attack involving a bogus IndusInd Bank app that lures users into inputting their personal and financial information, which are later exfiltrated to threat actors' command-and-control server, according to a McAfee report. On the other hand, Chinese users have been subjected to an intrusion involving a fraudulent social networking site that enabled multi-stage malware compromise to further evade detection. Such campaigns should prompt Android and other mobile users to be vigilant of apps seeking excessive permissions, leverage security software, and download apps from official app marketplaces, said McAfee researchers. "To keep up with the rapid evolution of cyber-criminal tactics, users are strongly advised to install security software on their devices and keep it up to date at all times," noted McAfee.
