Recent studies in the field of cybersecurity shows there is new malware for Android phones. This malware targets the NFC reader that is installed in these gadgets in order to initiate an attack and steal payment card data.
NGate: The Cutting-Edge Android Malware That Hijacks Your Card Data via NFC
As reported by ESET and called “NGate,” the malware works by stealing and forwarding the payment card data to the attackers. This results to the theft of the users’ data which the attackers use to clone the victim’s card.
The advantage of cloned card is that is it take a person to freely withdraw cash from ATMs and purchase items from Point of Sale terminals. The structure of NGate malware ensures that data obtained by the attackers can be used for financial gains easily.
NGate currently makes use of an open source tool known as NFCGate which helps in sniffing, monitoring and modifying the NFC data traffic. This tool is very essential and enables the malware to retrieve some very sensitive information.
According to ESET, this is an extremely advanced attack, which shows a new generation of mobile threats. This is evident in such attacks as those that use NFC technology which is an innovation in the evolution of threats.
Currently there are no famous NGate apps, which are listed in google play store. Owners of devices on the Android platform are shielded by Google Play Protect, which contributes to identification of the known versions of this malware and other malware in general.
Android Malware Unleashes NFCGate: The New Threat to Your Banking Security
ESET researcher Lucas Stefanek has discovered a revolutionary Android malware threat. This is actually the initial time to show any relevant malware makes use of the NGate vulnerability in an actual situation. The vulnerability enables a bad actor to establish a connection between the infected device and a victims card, forwarding their NFC data to the attacker’s smartphone.
The attack process starts with different forms of phishing to trick the users into installing malicious Progressive Web Apps (PWAs). Such links are received through text messages or push notifications that take the users to fake replicas of the banking sites or the Google Play Store. These are fake sites that when the users input their banking details for card verification, this information is fed back to the attacker.
In the second phase the attacker sends an e-mail to the victim saying that his/ her computer is infected. Thus, they pretend there have been unauthorized activities in the victim’s account as a result of malware. To solve the problem, a new application that the victim has to download is suggested to him/her by the scammer.
Clandestinely, this fresh application is a virus and sets off the NFCGate tool for the poor victim. With the aid of this tool, the attacker can take undue advantage of the ‘NGate’ weakness and make a replica of the unsuspecting victim’s ‘card’. As a result, there is a cloned card and one of the dirtiest heists you can imagine; the attacker makes withdrawals at the ATMs.
The theft outlined here reveal a new more complex way to pinch personal detail in the payroll of an individual. It brings the note that people have to be very cautious and suspicious while receiving the unknown message or the unexpected request in the application. Firstly, users should be careful when entering their sensitive information to the website they do not know or which looks quite reliable on the first sight.
ESET’s findings should be considered as a valuable report for Android users as well as a constant call for vigilance when it comes to security risks and reliability of the received messages and applications connected with the user’s financial accounts.
NFC Scams Exposed: How NGate Malware Duplicates Bank Cards and Evades Detection
After the infection, the victim is asked to turn on NFC and scan bank cards on it, in order to activate stealing services. This process enables the attacker to emulate the card and store all data on it, if one is using a smart card. The cloned card can then be used for unauthorized ATM withdraw or for purchase at the supermarket.
ESET detected that the NGate malware attacked three banks in the Czech Republic since November last year. In the process of the campaign, it was found that six different NGate applications where all being circulated through third parties and not through Google Play Store.
The malware campaign continued up to the recent past, March of this year to be precise before it was halted. Police arrested a 22-year-old man in the Czech Republic, who went on making transactions using others’ bank cards, previously created by the NGate malware.
As pointed by ESET, these NGate applications were widely spread from November 2023 and up to March 2024. Such discovery and subsequent clamp down are typical signs of increasing complexity of the cyber threats and the need to embrace additional layers of security in apps.
Later, a Google representative stated that there is no App carrying NGate at the Google Play Store. Google Play Protect is actively protecting Android devices from known versions of this malware they also said.
This case strongly points to the fact that users should beware of applications downloaded from the other sources than official markets and should periodic alert themselves to the problems which can happen to their money information sources.
