August 26, 2024 at 12:54AM
Researchers have discovered new Android malware, NGate, aimed at stealing contactless payment data from physical credit and debit cards to conduct fraudulent operations. Targeting banks in Czechia, the attack involves social engineering and SMS phishing to trick users. NGate prompts victims to enter sensitive financial details and instigates an NFC relay attack. Notably, a variant of Android banking trojan Copybara is also active, leveraging voice phishing and accessibility service feature to control infected devices.
Key Takeaways from the Meeting Notes:
1. New Android malware called NGate has been identified by cybersecurity researchers. It is designed to relay victims’ contactless payment data to an attacker-controlled device for conducting fraudulent operations.
2. NGate has the ability to clone near-field communication (NFC) data from victims’ physical payment cards and transmit the information to an attacker device, which then emulates the original card to withdraw money from an ATM.
3. The malware has its roots in a legitimate tool named NFCGate and is believed to have been involved in a broader campaign targeting financial institutions in Czechia since November 2023.
4. The attack chains involve a combination of social engineering and SMS phishing to trick users into installing NGate by directing them to short-lived domains impersonating legitimate banking websites or official mobile banking apps. Victims are prompted to enter sensitive financial information and turn on the NFC feature on their smartphones.
5. NGate uses phishing websites and NFCGate relay servers to facilitate its operations.
6. In addition to NGate, a new variant of an Android banking trojan called Copybara has been identified, which utilizes voice phishing attacks and the MQTT protocol to establish communication with its command-and-control (C2) server.
7. Copybara abuses the accessibility service feature native to Android devices to exert granular control over the infected device and proceeds to download phishing pages that imitate popular cryptocurrency exchanges and financial institutions.
These takeaways summarize the key points and implications from the meeting notes on financial fraud and mobile security.