NGate Android malware manages to steal card data through NFC signal: Here is how to stay safe

Attackers spread the malware through sophisticated phishing schemes, often impersonating banks in SMS and other messaging platforms via messages with links to malicious websites.

ESET researchers have discovered a new Android malware called “NGate” that uses the Near Field Communication (NFC) reader on infected smartphones to steal payment card details.

Here’s how it works:

Attackers spread the malware through sophisticated phishing schemes, often impersonating banks in SMS and other messaging platforms via messages with links to malicious websites. Once installed, the malware collects the victim’s banking credentials and guides them to enable NFC on their phone and tap their payment card against the back of the device.

The malware then relays the NFC data from the victim’s card to the attacker’s smartphone in real time. With this stolen data, attackers can create clones of the contactless payment cards and use them to withdraw money from ATMs or make fraudulent purchases.

The malware is based on the open-source NFCGate tool and represents a new attack vector for financial fraud on Android. While it currently targets users in Czechia (Czech Republic), it could easily spread to other countries, hence the need to be on the lookout.

Overview of the attack

[Image: NGate Android malware threat summary. Source: ESET Research]

How to stay SAFE

To stay safe, Android users should:

  • Download apps only from official app stores like Google Play, especially when you don’t trust the source.
  • Be cautious of suspicious URLs and links in messages.
  • Consider turning off NFC when not in use.
  • Use digital wallet versions of cards for added security.
  • Enable Google Play Protect, and use antivirus software if your exposure puts you at high risk of infection.
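
For readers comfortable with adb, the first and third tips can be turned into a quick triage check: list apps that were not installed by Google Play and that request the NFC permission. The script below is an added example, not code from ESET or from this article; it parses the text output of `adb shell pm list packages -3 -i` and `adb shell dumpsys package <name>`, and the package names, sample data and function names are constructed for illustration. A flagged app is a candidate for review, not proof of infection.

```python
import re
# Assumption: Google Play is the only trusted installer; extend for managed devices.
TRUSTED_INSTALLERS = {"com.android.vending"}
PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -3 -i` output."""
    result = {}
    for line in pm_output.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            result[m.group(1)] = m.group(2)
    return result

def requested_permissions(dumpsys_output):
    """Collect the 'requested permissions:' block of `dumpsys package <name>`."""
    perms, in_block = set(), False
    for line in dumpsys_output.splitlines():
        text = line.strip()
        if text == "requested permissions:":
            in_block = True
        elif in_block:
            if not text or text.endswith(":"):  # next section header ends the block
                break
            perms.add(text.split(":")[0])
    return perms

def flag_sideloaded_nfc(pm_output, dumpsys_by_pkg):
    """Return packages not installed by a trusted store that request NFC."""
    flagged = []
    for pkg, installer in parse_installers(pm_output).items():
        perms = requested_permissions(dumpsys_by_pkg.get(pkg, ""))
        if installer not in TRUSTED_INSTALLERS and "android.permission.NFC" in perms:
            flagged.append(pkg)
    return sorted(flagged)

# Constructed sample data (hypothetical packages, not from a real device).
SAMPLE_PM = """package:com.example.notes  installer=com.android.vending
package:com.example.bankhelper  installer=null
package:com.example.flashlight  installer=null
package:com.example.transit  installer=com.android.vending"""
SAMPLE_DUMPSYS = {
    "com.example.bankhelper": "    requested permissions:\n      android.permission.INTERNET\n      android.permission.NFC\n    install permissions:\n      android.permission.INTERNET: granted=true\n",
    "com.example.flashlight": "    requested permissions:\n      android.permission.CAMERA\n",
    "com.example.transit": "    requested permissions:\n      android.permission.NFC\n",
}
if __name__ == "__main__":
    print(flag_sideloaded_nfc(SAMPLE_PM, SAMPLE_DUMPSYS))
```
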
Gabby