Cybercriminals are getting smarter. They’re now using a development toolkit called .NET MAUI to create fake apps that look and feel like the real thing—banking apps, dating apps, and even social media. But instead of helping you, these apps secretly steal your private info.
We break down the full research from McAfee Labs here:
What Is .NET MAUI and Why Should You Care?
.NET MAUI is a tool used by developers to build apps that work on many devices—like phones, tablets, and computers—all from one set of code.
That’s great for app creators. But now, hackers are using it too. McAfee is able to detect this malware, but building with .NET MAUI helps the attackers hide their dangerous code from most antivirus software. Think of it like a thief wearing an invisibility cloak: unless you’re really looking, you won’t see them.
How These Fake Apps Trick You
1. They Look Legit
Hackers are creating apps that look like they’re from real companies. For example, one fake app pretended to be IndusInd Bank, asking users to enter sensitive information like:
- Full name
- Phone number
- Birthdate
- Credit card information
- Unique tax and personal identifiers (PAN and Aadhaar)
Once you hit submit, that info goes straight to the hacker’s server.
Figure 1. Fake IndusInd Bank app’s screen requesting user information
2. They Hide the Dangerous Stuff
Normal Android apps have code in a format security tools can scan. These fake apps hide their code in binary files so it can’t be easily detected. That lets them stay on your phone longer—stealing quietly in the background.
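For defenders triaging a suspicious APK, the sketch below is an added example (not code from McAfee's research) that checks whether most of an app's logic sits outside the DEX files that Android scanners usually read. The marker file names are assumptions about how .NET for Android typically packages an app, and the two sample APKs are constructed in memory.

```python
import io
import zipfile

# Assumed, non-exhaustive markers of .NET for Android / .NET MAUI packaging.
RUNTIME_LIBS = {"libmonodroid.so", "libmonosgen-2.0.so", "libxamarin-app.so"}


def is_managed_payload(name):
    """True for archive entries that hold C# assemblies rather than DEX code."""
    return name.startswith("assemblies/") and name.endswith((".blob", ".dll"))


def triage_apk(apk_bytes):
    """Summarise where an APK keeps its logic so the right scanner is used."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        entries = apk.infolist()
    dex = sum(e.file_size for e in entries
              if e.filename.startswith("classes") and e.filename.endswith(".dex"))
    managed = sum(e.file_size for e in entries if is_managed_payload(e.filename))
    runtime = sorted({e.filename.rsplit("/", 1)[-1] for e in entries} & RUNTIME_LIBS)
    dotnet = managed > 0 and bool(runtime)
    return {
        "dex_bytes": dex,
        "managed_bytes": managed,
        "runtime_libs": runtime,
        "dotnet_app": dotnet,
        # DEX-only scanning would miss most of the code in this case.
        "needs_assembly_scan": dotnet and managed > dex,
    }


def build_sample(files):
    """Build a constructed in-memory APK (a ZIP) from {path: size} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, size in files.items():
            z.writestr(path, b"\0" * size)
    return buf.getvalue()


# Constructed samples: file sizes are arbitrary and the contents are zero bytes.
MAUI_LIKE = build_sample({"classes.dex": 4_000,
                          "assemblies/assemblies.blob": 900_000,
                          "lib/arm64-v8a/libmonodroid.so": 50_000})
PLAIN = build_sample({"classes.dex": 800_000, "lib/arm64-v8a/libfoo.so": 10_000})

if __name__ == "__main__":
    for label, apk in (("maui-like", MAUI_LIKE), ("plain", PLAIN)):
        print(label, triage_apk(apk))
```

A result with needs_assembly_scan set only says where the code lives; many legitimate apps are built the same way, so it is a cue to unpack and scan the assemblies, not a verdict.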
Malware Example: Fake Social Media App
In another case, hackers made an app that pretended to be a social media platform. This one targeted Chinese-speaking users and was even trickier than the fake bank app.
Here’s what it did:
- Stole contacts, photos, and texts from the phone
- Used a 3-stage process to hide its code
- Encrypted everything so it’s harder to track
- Used weird, fake app permissions to confuse security scanners
And instead of using regular internet traffic, it sent stolen data through secret encrypted channels—so even if someone intercepted it, they couldn’t read it.
Figure 2. Various fake apps using the same technique
Where Are These Apps Coming From?
These apps aren’t in the Google Play Store. Instead, hackers are sharing them on:
- Fake websites
- Messaging apps
- Sketchy links in texts or chat groups
So if someone sends you a link to a cool new app that’s not from the Play Store—be extra careful.
How to Protect Yourself
Here are a few easy ways to stay safe:
- Download apps only from official app stores like Google Play or the Apple App Store
- Avoid clicking on links from strangers or untrusted sources
- Install security software like McAfee+ to catch threats in real time
- Keep your apps and software updated—updates often fix security holes
- Check app permissions—if a flashlight app wants access to your texts, that’s a red flag
Hackers are getting creative, but you can stay one step ahead. These new .NET MAUI-based threats are sneaky—but they’re not unstoppable.
With smart habits and the right tools, you can keep your phone and your personal info safe. Want real-time protection on your phone? Download McAfee+ and get ahead of the latest threats.