NGate Android malware manages to steal card data through NFC signal: Here is how to stay safe
ESET Research has discovered a new Android malware called “NGate” that uses the Near Field Communication (NFC) reader on infected smartphones to steal payment card details.
Here’s how it works:
Attackers spread the malware through sophisticated phishing schemes, often impersonating banks over SMS and other messaging platforms and sending messages that link to malicious websites. Once installed, the malware collects the victim’s banking credentials and guides them to enable NFC on their phone and tap their payment card against the back of the device.
The malware then relays the NFC data from the victim’s card to the attacker’s smartphone in real time. With this stolen data, attackers can create clones of the contactless payment cards and use them to withdraw money from ATMs or make fraudulent purchases.
The malware is based on the open-source NFCGate tool and represents a new attack vector for financial fraud on Android. While it currently targets users in Czechia (Czech Republic), it could easily spread to other countries, hence the need to be on the lookout.
Overview of the attack
Name | NGate virus |
---|---|
Threat Type | Android malware, malicious application |
Detection Names | Avast-Mobile (Android:Evo-gen [Trj]), DrWeb (Android.Banker.NGate.1.origin), ESET-NOD32 (Android/Spy.NGate.B), Kaspersky (HEUR:Trojan-Banker.AndroidOS.NGate.a), Full List (VirusTotal) |
Symptoms | Malware is designed to stealthily infiltrate the victim’s computer and remain silent, and thus no particular symptoms are clearly visible on an infected machine. |
Distribution methods | Spam SMSes, infected email attachments, malicious online advertisements, social engineering, deceptive applications, scam websites. |
Damage | Monetary losses, stolen identity (malicious apps might abuse communication apps). |
Malware Removal (Android) | To eliminate possible malware infections, scan your mobile device with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
How to stay SAFE
To stay safe, Android users should:
- Download apps only from official app stores like Google Play, especially when you don’t trust the source.
- Be cautious of suspicious URLs and links in messages.
- Consider turning off NFC when not in use.
- Use digital wallet versions of cards for added security.
- Enable Google Play Protect, and use antivirus software if your exposure puts you at a high risk of infection.
As financial malware continues to evolve, it’s crucial for Android users to stay vigilant and take proactive security measures to protect their payment data from these new threats.