Banking malware is one of the most serious threats we face on our smartphones, and one we must protect ourselves against. We have already talked about examples such as Brokewell and Medusa, two Trojans capable of stealing users’ banking information while going completely unnoticed.
Everything seems to indicate that there is a new case of banking malware that can affect Android device users. What caught our attention the most is how it works: it is able to scan and capture the victim’s credit card information via NFC and send it to the attackers.
Attackers use NFC on victims’ phones to capture credit card information
We heard about the malware from Bleeping Computer, a media outlet specializing in cybersecurity, which explains that attackers can use this malware to emulate the victim’s card and make payments via NFC. And not only that: they can even withdraw money from an ATM. The malware is called NGate and has been in circulation since November 2023.
As usual, attackers infect victims’ mobile phones via fraudulent messages or malicious advertisements. The goal is to trick the victim into installing a progressive web application (PWA) on their mobile. To achieve this, the attackers use the pretext of security updates and even use the victim’s bank logo.
Once the victim has downloaded the fraudulent application, the fraudsters use social engineering techniques to obtain the bank PIN code: apparently, the victim receives a call from someone pretending to be a bank employee alerting them to a security problem.
The scammers ask the victim to change their bank PIN code via a malicious Android app and send a new SMS with the download link. When the user downloads this app, it installs the NGate malware, which sends the bank PIN and all the information captured by NFC to the crooks.
A researcher from security software company ESET has released a video explaining how the threat works and demonstrating that it can be used to capture information from credit cards found in the victims’ handbag or backpack.
The video emphasizes that even if the attackers fail to obtain the PIN code, they still have the opportunity to make payments with the victim’s card. Apparently, the Czech police have already arrested a person who used this technique.
Google has already confirmed that, as of today, no apps on Google Play contain this malware. Additionally, the company states that Google Play Protect is able to detect NGate even if we download a malicious application from sources outside Google Play. In any case, it is possible to mitigate the risks by disabling NFC on the mobile if we do not use it.
Via | Bleeping Computer
Cover image | Alejandro Alcolea (Xataka Android)