{"id":210987,"date":"2025-03-24T21:01:31","date_gmt":"2025-03-25T04:01:31","guid":{"rendered":"https:\/\/www.mcafee.com\/blogs\/?p=210987"},"modified":"2025-06-02T23:43:39","modified_gmt":"2025-06-03T06:43:39","slug":"new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/","title":{"rendered":"New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI\u00a0"},"content":{"rendered":"

Authored by Dexter Shin<\/span><\/i>\u00a0<\/span><\/p>\n

Summary<\/span>\u00a0<\/span><\/h2>\n

Cybercriminals are <\/span>constantly evolving their techniques to bypass security measures. Recently, <\/span>the <\/span>McAfee Mobile Research Team<\/span> discovered malware campaigns abusing .NET MAUI, a cross-platform development framework, to evade detection. These threats disguise themselves as legitimate apps, targeting users to steal sensitive information. This blog highlights <\/span>how <\/span>these malware<\/span> operate<\/span>, their evasion techniques, and key recommendations for staying protected.<\/span><\/span>\u00a0<\/span><\/p>\n

Background<\/span>\u00a0<\/span><\/h2>\n

In recent years, cross-platform mobile development frameworks have grown in popularity. Many developers use tools like Flutter and React Native to build apps that work on both Android and iOS. Among these tools, Microsoft provides a framework based on C#, called Xamarin. Since Xamarin is well-known, cybercriminals sometimes use it to develop malware. We have previously found malware related to this framework<\/a>. However, Microsoft ended support for Xamarin in May 2024 and introduced .NET MAUI as its replacement.<\/p>\n

Unlike Xamarin, .NET MAUI expands platform support beyond mobile to include Windows and macOS. It also runs on .NET 6+, replacing the older .NET Standard, and introduces performance optimizations with a lightweight handler-based architecture instead of custom renderers.<\/p>\n

As technology evolves, cybercriminals adapt as well. Reflecting this trend, we recently discovered new Android malware campaigns developed using .NET MAUI. These Apps have their core functionalities written entirely in C# and stored as blob binaries. This means that unlike traditional Android apps, their functionalities do not exist in DEX files or native libraries. However, many antivirus solutions focus on analyzing these components to detect malicious behavior. As a result, .NET MAUI can act as a type of packer, allowing malware to evade detection and remain active on devices for a long time.<\/p>\n

In the following sections, we will introduce two Android malware campaigns that use .NET MAUI to evade detection. These threats disguise themselves as legitimate services to steal sensitive information from users. We will explore how they operate and why they pose a significant risk to mobile security.<\/p>\n

Am I protected?<\/span>\u00a0<\/span><\/h2>\n

McAfee Mobile Security already detects all of these apps as <\/span>Android\/FakeApp<\/span><\/b> and protects users from these threats. For more information about our Mobile Product, visit <\/span>McAfee Mobile Security<\/span><\/a>.<\/span>\u00a0<\/span><\/p>\n

Technical Findings<\/span>\u00a0<\/span>\u00a0<\/span><\/h2>\n

While we found multiple versions of these malicious apps, the following two examples are used to demonstrate how they evade detection.<\/span>\u00a0<\/span><\/p>\n

First off, where are users finding these malicious apps? Often, these apps are distributed through unofficial app stores. Users are typically directed to such stores by clicking on phishing links made available by untrusted sources on messaging groups or text messages. This is why we recommend at McAfee that users avoid clicking on untrusted links.<\/span>\u00a0<\/span><\/p>\n

Example 1: Fake Bank App<\/span>\u00a0<\/span><\/h4>\n

Th<\/span>e first<\/span> fake app<\/span> we <\/span>found <\/span>disguises itself as IndusInd Bank, specifically targeting Indian users. <\/span>When a user launches the app, it prompts them to <\/span>input<\/span> personal and financial details, including their name, phone number, email, date of birth, and banking information.<\/span> Once the user <\/span>submits<\/span> this data, it is <\/span>immediately<\/span> sent to the attacker’s C2 (Command and Control) server.<\/span><\/span>\u00a0<\/span><\/p>\n

\"\"\u00a0<\/span><\/p>\n

Figure <\/b>1<\/b>. Fake IndusInd Bank app’s screen requesting user information <\/b><\/em><\/p>\n

As mentioned earlier, this is not a traditional Android malware. Unlike typical malicious apps, there are no obvious traces of harmful code in <\/span>the Java<\/span> or native code. Instead, the malicious <\/span>code<\/span> is hidden within blob files <\/span>located<\/span> inside the <\/span>assemblies<\/span> directory.<\/span><\/span>\u00a0<\/span><\/p>\n

\u00a0<\/span> \"\"<\/span><\/p>\n

Figure <\/b>2<\/b>. Blob contains malicious code<\/b>\u00a0<\/em><\/p>\n

\u00a0<\/span>The following code snippet reveals how the app collects and transmits user data to the C2 server. Based on the code, the app structures the required information as parameters before sending it to the C2 server.<\/span>\u00a0<\/span><\/p>\n

\"\"<\/p>\n

Figure <\/b>3<\/b>. C# code responsible for stealing user data and sending it to the C2 server<\/b><\/em>\u00a0<\/span>\u00a0<\/span>\u00a0<\/span><\/p>\n

<\/h4>\n

Example 2: Fake SNS App<\/span>\u00a0<\/span>\u00a0<\/span><\/h4>\n

In contrast to<\/span> the <\/span>first fake<\/span> app,<\/span><\/span> this <\/span>second<\/span> malware is even more difficult <\/span>for security <\/span>software<\/span> to analyze. It specifically targets Chinese-speaking users and <\/span>attempts<\/span> to steal contacts, SMS messages, and photos from their devices.<\/span> In China, where access to the Google Play Store is restricted, such apps are often distributed through third-party websites or alternative app stores. This allows attackers to spread their malware more easily, especially in regions with limited access to official app stores.<\/span><\/span>\u00a0<\/span>\"\"<\/span><\/p>\n

Figure <\/b>4<\/b>. Distribution site and fake X app targeting Chinese-speaking users<\/b>\u00a0<\/em><\/p>\n

One of the key techniques this malware uses to remain undetected is <\/span>multi-stage dynamic loading<\/span><\/i>. Instead of directly embedding its malicious payload in an easily accessible format, it encrypts and loads its DEX files in three separate stages, making analysis significantly more difficult.<\/span>\u00a0<\/span><\/p>\n

In the first stage, the app’s main activity, defined in AndroidManifest.xml, decrypts an XOR-encrypted file and loads it dynamically. This initial file acts as a loader for the next stage. In the second stage, the dynamically loaded file decrypts another AES-encrypted file and loads it. This second stage still does not reveal the core malicious behavior but serves as another layer of obfuscation. Finally, in the third stage, the decrypted file contains code related to the .NET MAUI framework, which is then loaded to execute the main payload.<\/span>\u00a0<\/span><\/p>\n

\"\"<\/p>\n

Figure <\/b>5<\/b>. Multi-stage dynamic loading<\/b>\u00a0<\/em><\/p>\n

The main payload is ultimately hidden within the C# code. When the user interacts with the app, such as pressing a button, the malware silently steals their data and sends it to the C2 server.<\/span>\u00a0<\/span><\/p>\n

\"\"
\n<\/span><\/p>\n

Figure <\/b>6<\/b>. C# code responsible for stealing images, contacts, and SMS data<\/b>\u00a0<\/em><\/p>\n

Beyond multi-stage dynamic loading, this malware also employs additional tricks to make analysis more difficult. One technique is <\/span>manipulating the AndroidManifest.xml file<\/span><\/i> by adding an excessive number of unnecessary permissions. These permissions include large amounts of meaningless, randomly generated strings, which can cause errors in certain analysis tools. This tactic helps the malware evade detection by disrupting automated scanners and static analysis.<\/span>\u00a0<\/span><\/p>\n

\"\"\u00a0<\/span><\/p>\n

Figure <\/b>7<\/b>. AndroidManifest.xml file with excessive random permissions<\/b><\/em>\u00a0<\/span><\/p>\n

Another key technique is <\/span>encrypted socket communication<\/span><\/i>. Instead of using standard HTTP requests, which are easier to intercept, the malware relies on TCP socket connections to transmit data. This approach makes it difficult for traditional HTTP proxy tools to capture network traffic. Additionally, the malware encrypts the data before sending it, meaning that even if the packets are intercepted, their contents remain unreadable.<\/span>\u00a0<\/span><\/p>\n

One more important aspect to note is that this malware adopts various themes to attract users. In addition to the fake X app, we also discovered several dating apps that use the same techniques. These apps had different background images but shared the same structure and functionality, indicating that they were likely created by the same developer as the fake X app. The continuous emergence of similar apps suggests that this malware is being widely distributed among Chinese-speaking users.<\/span>\u00a0<\/span><\/p>\n

\u00a0<\/span><\/p>\n

\"\"<\/span><\/p>\n

Figure <\/b>8<\/b>. Various fake apps using the same technique<\/b>\u00a0<\/em><\/p>\n

\u00a0<\/span><\/p>\n

Recommendations and Conclusion<\/span>\u00a0<\/span><\/h3>\n

The rise of .NET MAUI-based malware highlights how cybercriminals are evolving their techniques to avoid detection. Some of the techniques described include:<\/span>\u00a0<\/span>\u00a0<\/span><\/p>\n

    \n
  • hiding code blobs within assemblies<\/span>\u00a0<\/span><\/li>\n<\/ul>\n
      \n
    • multi-stage dynamic loading<\/span>\u00a0<\/span><\/li>\n<\/ul>\n
        \n
      • encrypted communications<\/span>\u00a0<\/span><\/li>\n<\/ul>\n
          \n
        • excessive obfuscation<\/span>\u00a0<\/span><\/li>\n<\/ul>\n

          With these evasion techniques, the threats can remain hidden for long periods, making analysis and detection significantly more challenging. Furthermore, the discovery of multiple variants using the same core techniques suggests that this type of malware is becoming increasingly common.\u00a0<\/span>\u00a0<\/span><\/p>\n

          Users should always be cautious when downloading and installing apps from unofficial sources, as these platforms are often exploited by attackers to distribute malware. This is especially concerning in countries like China, where access to official app stores is restricted, making users more vulnerable to such threats.<\/span>\u00a0<\/span><\/p>\n

          To keep up with the rapid evolution of cybercriminal tactics, users are strongly advised to install security software on their devices and keep it up to date at all times. Staying vigilant and ensuring that security measures are in place can help protect against emerging threats. By using McAfee Mobile Security, users can enhance their device protection and detect threats related to this type of malware in real-time.<\/span>\u00a0<\/span><\/p>\n

          \u00a0<\/span><\/p>\n

          Glossary of Terms<\/span>\u00a0<\/span><\/p>\n

          \"\"<\/span><\/p>\n

          \u00a0<\/span><\/p>\n

          Indicators of Compromise (IOCs)<\/span>\u00a0<\/span><\/p>\n

          APKs:<\/span>\u00a0<\/span><\/p>\n

          \"\"\u00a0<\/span><\/p>\n

          C2:<\/span>\u00a0<\/span><\/p>\n

            \n
          • tcp[:\/\/]120.27.233.135:1833<\/span>\u00a0<\/span><\/li>\n<\/ul>\n
              \n
            • https[:\/\/]onlinedeskapi.com<\/span>\u00a0<\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"

              Authored by Dexter Shin\u00a0 Summary\u00a0 Cybercriminals are constantly evolving their techniques to bypass security measures. Recently, the McAfee Mobile Research…<\/p>\n","protected":false},"author":695,"featured_media":209689,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[10661,442],"tags":[],"coauthors":[4136],"class_list":["post-210987","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-internet-security","category-mcafee-labs"],"acf":[],"yoast_head":"\nNew Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI\u00a0 | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Authored by Dexter Shin\u00a0 Summary\u00a0 Cybercriminals are constantly evolving their techniques to bypass security measures. Recently, the McAfee Mobile\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI\u00a0 | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Authored by Dexter Shin\u00a0 Summary\u00a0 Cybercriminals are constantly evolving their techniques to bypass security measures. Recently, the McAfee Mobile\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-03-25T04:01:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-03T06:43:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/02\/300x200_Blog_Protect-Yourself-Deepfake-Scams.png\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"McAfee Labs\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee_Labs\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee Labs\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/\"},\"author\":{\"name\":\"McAfee Labs\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\"},\"headline\":\"New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI\u00a0\",\"datePublished\":\"2025-03-25T04:01:31+00:00\",\"dateModified\":\"2025-06-03T06:43:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/\"},\"wordCount\":1314,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/02\/300x200_Blog_Protect-Yourself-Deepfake-Scams.png\",\"articleSection\":[\"Internet Security\",\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/\",\"name\":\"New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI\u00a0 | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/02\/300x200_Blog_Protect-Yourself-Deepfake-Scams.png\",\"datePublished\":\"2025-03-25T04:01:31+00:00\",\"dateModified\":\"2025-06-03T06:43:39+00:00\",\"description\":\"Authored by Dexter Shin\u00a0 Summary\u00a0 Cybercriminals are constantly evolving their techniques to bypass security measures. Recently, the McAfee Mobile\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/02\/300x200_Blog_Protect-Yourself-Deepfake-Scams.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/02\/300x200_Blog_Protect-Yourself-Deepfake-Scams.png\",\"width\":600,\"height\":400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\",\"name\":\"McAfee Labs\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"caption\":\"McAfee Labs\"},\"description\":\"McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee_Labs\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI\u00a0 | McAfee Blog","description":"Authored by Dexter Shin\u00a0 Summary\u00a0 Cybercriminals are constantly evolving their techniques to bypass security measures. Recently, the McAfee Mobile","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI\u00a0 | McAfee Blog","og_description":"Authored by Dexter Shin\u00a0 Summary\u00a0 Cybercriminals are constantly evolving their techniques to bypass security measures. Recently, the McAfee Mobile","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2025-03-25T04:01:31+00:00","article_modified_time":"2025-06-03T06:43:39+00:00","og_image":[{"width":600,"height":400,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/02\/300x200_Blog_Protect-Yourself-Deepfake-Scams.png","type":"image\/png"}],"author":"McAfee Labs","twitter_card":"summary_large_image","twitter_creator":"@McAfee_Labs","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee Labs","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/"},"author":{"name":"McAfee Labs","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad"},"headline":"New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI\u00a0","datePublished":"2025-03-25T04:01:31+00:00","dateModified":"2025-06-03T06:43:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/"},"wordCount":1314,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/02\/300x200_Blog_Protect-Yourself-Deepfake-Scams.png","articleSection":["Internet Security","McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/","name":"New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI\u00a0 | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/02\/300x200_Blog_Protect-Yourself-Deepfake-Scams.png","datePublished":"2025-03-25T04:01:31+00:00","dateModified":"2025-06-03T06:43:39+00:00","description":"Authored by Dexter Shin\u00a0 Summary\u00a0 Cybercriminals are constantly evolving their techniques to bypass security measures. Recently, the McAfee Mobile","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/02\/300x200_Blog_Protect-Yourself-Deepfake-Scams.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/02\/300x200_Blog_Protect-Yourself-Deepfake-Scams.png","width":600,"height":400},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad","name":"McAfee Labs","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg","caption":"McAfee Labs"},"description":"McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information.","sameAs":["https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee_Labs"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/210987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/695"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=210987"}],"version-history":[{"count":6,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/210987\/revisions"}],"predecessor-version":[{"id":214997,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/210987\/revisions\/214997"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/209689"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=210987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=210987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=210987"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=210987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}