Researchers at ESET have identified a new Android malware known as NGate [1] [2] [3] [4] [5] [6], which is part of a cyberattack campaign targeting smartphone users in Czechia.
Description
NGate, derived from NFCGate, is capable of stealing payment card data using the NFC reader on infected devices [1]. It captures NFC traffic to steal contactless payment data from physical credit and debit cards, and it can clone cards and smart cards by copying their UID. The goal of NGate attacks is to clone NFC data from victims’ cards and withdraw money from ATMs [3].
The malware relies on social engineering and SMS phishing to prompt users to input sensitive financial information and install malicious apps. NGate is typically installed through phishing scenarios [1], where attackers trick users into downloading the malware from fake banking apps [1]. Attack scenarios involve SMS phishing [5], malicious PWAs [3] [5] [6], and social engineering to gain access to victims’ accounts [5]. A recent campaign involving NGate was halted following the arrest of a suspect in Prague.
Additionally, a new variant of the Android banking trojan Copybara has emerged [3], utilizing voice phishing attacks to steal bank account credentials [3].
Conclusion
To protect against these threats [4], users are advised to download apps solely from official app stores, scrutinize URLs [6], refrain from clicking on links from unknown senders [6], and consider deactivating NFC when not in use [6]. Google Play Protect can aid in detecting and blocking malicious apps [6], while utilizing an Android antivirus app can offer added protection. These measures can help mitigate the risks posed by NGate and other malware, safeguarding users’ financial information and personal data.
References
[1] https://www.devhardware.com/android-malware-steals-payment-card-data-using-never-before-seen-technique/
[2] https://www.ec-mea.com/eset-research-discovers-ngate-android-malware-which-relays-nfc-traffic-to-steal-victims-cash-from-atms/
[3] https://thehackernews.com/2024/08/new-android-malware-ngate-steals-nfc.html
[4] https://www.techrepublic.com/article/cybercriminals-stealing-nfc-data/
[5] https://arstechnica.com/security/2024/08/android-malware-uses-nfc-to-read-payment-card-data-then-sends-it-to-attacker/
[6] https://www.tomsguide.com/computing/malware-adware/think-tap-to-pay-is-safer-new-android-malware-uses-stolen-nfc-data-to-drain-your-accounts