NFC Traffic Stealer Targets Android Users & Their Banking Info

August 22, 2024 at 05:08PM

A new Android malware called NGate has emerged, capable of cloning contactless payment data from credit and debit cards and sending it to an attacker’s device for fraudulent transactions. Initially based on NFCgate, this malware leverages phishing and social engineering to steal banking information and execute fraudulent ATM transactions.

Security researchers from ESET have identified a new Android malware called NGate. It is capable of cloning contactless payment data from physical credit and debit cards and transmitting it to an attacker’s Android device, allowing for fraudulent transactions and ATM withdrawals.

The NGate malware is based on NFCgate, a legitimate research tool developed by students at the University of Darmstadt in Germany to capture and analyze near-field communication (NFC) traffic. The threat actor behind the NGate malware has been observed using phishing and social engineering techniques to steal cash from victim bank accounts through fraudulent ATM transactions.

The attacker initiates the scam by sending SMS messages to potential victims, which lead to the installation of a progressive Web app or a Web APK that phishes for banking credentials. Victims are then prompted to download and open the NGate malware, which tricks them into entering their banking information and enables the cloning of their card’s data for fraudulent use.

Using NGate lets attackers perform fraudulent ATM withdrawals without leaving a direct trail back to their own accounts, making it easier to steal funds from victims’ accounts.

Additionally, the security vendor noted that the NGate malware could be used for other malicious purposes, such as capturing and relaying data from NFC tags or tokens, potentially allowing attackers to gain unauthorized access to premises or sensitive information.

In summary, the emergence of NGate represents a significant threat to the security of contactless payment data and highlights the importance of safeguarding against social engineering attacks and malware threats.
