Posted by ValdikSS on May 19
Xamarin for Android prior to version 5.1 allows to replace internal DLL files inside the APK with files on SD card
which are not in a secure storage.
Malicious application without any special permissions could drop backdoored DLL files into
/storage/sdcard0/Android/data/app_id/files/.__override__/
and the victim application would use files from SD.
Not just the main application library could be hijacked, but also Xamarin’s System.dll and…