New NGate Android malware uses NFC chip to steal credit card data

August 22, 2024 at 01:05PM

NGate, a new Android malware, steals money from payment cards through NFC data relay. It tricks victims into installing malicious PWAs and WebAPKs that steal banking credentials. Once installed, it uses NFC to capture card data and relay it to the attacker’s device. It can also obtain the card PIN, posing a significant risk to Android users. ESET advises disabling NFC when it is not in use and scrutinizing app permissions and sources.

NGate is a newly discovered Android malware. It is particularly concerning because it can steal money from payment cards by intercepting data read by the near-field communication (NFC) chip. The attackers can then use the intercepted data to make unauthorized payments or withdrawals.

NGate is being distributed through deceptive methods such as malicious texts, automated calls, and malvertising to trick victims into installing a malicious Progressive Web App (PWA) and later WebAPKs on their devices. These malicious apps use the official icon and login interface of targeted banks to steal client access credentials. Once installed, NGate activates an open-source component called ‘NFCGate’ to capture NFC data from payment cards and relay it to the attacker’s device.

In addition to stealing card data via NFC, NGate can capture card PIN codes by socially engineering the victim. After the phishing step, scammers impersonate bank employees and send the victim an SMS with a link to download NGate under the guise of verifying their existing payment card and PIN. When the victim scans the card with their device and enters the PIN, the sensitive information is relayed to the attacker.

Czech police have caught one cybercriminal performing these withdrawals in Prague, which highlights the urgency and risk associated with this malware. If NFC is not actively being used, the recommendation is to disable the NFC chip in the device settings to mitigate the risk. Additionally, users are advised to scrutinize app permissions, install bank apps only from official sources, and remain vigilant about the installation of WebAPKs.

Overall, NGate and its capabilities pose a significant threat to Android users, and appropriate measures should be taken to mitigate the risk of falling victim to this malware.
