Android malware attack forwards NFC data from your card to the ATM thief and leaves you stranded

Hackers and cyber thieves are constantly outdoing themselves in the never-ending battle to break into your phone and steal your hard-earned money. Newly discovered Android malware uses an infected device's NFC reader to retrieve payment details from your mobile phone and forward that information to attackers. This malware allows the thieves to use your details at ATMs and POS (point of sale) devices to withdraw money or pay for purchases at the checkout.

The malware was discovered by cybersecurity firm ESET, which named it NGate because the attackers used the NFCGate toolkit to analyze NFC traffic. Czech police busted a gang using a similar scheme after arresting one of the members as that member was withdrawing cash from an ATM in Prague.

Here's how the scam worked: The victim received an SMS urging them to install an app because there was a problem with their tax return. This SMS contained a link to a fake website that collected the victim's login information. This gives the attacker access to the target's bank account.


The victim then receives a call from the attacker, who pretends to be a bank employee. The bank customer is told that they will be sent an SMS with a link to an app that will be used to protect their account by allowing them to change their PIN number and verify their card. The victim is asked to enable NFC on their phone and scan the card. The mobile app is actually the NGate malware.

The malware can relay NFC data from the victim's card through an infected smartphone to the attacker's smartphone, which can then emulate the card. This gives the criminal the information in real time and allows him to withdraw money from an ATM. This is really scary.

Google said that no such malware was found in the apps listed on the Play Store. Google pointed out that its Play Protect feature warns users and blocks apps with malicious behavior, even if those apps come from third-party sources. Between November and March, six NGate-laden apps from non-Play Store sources were discovered attacking three Czech banks.

How can you make sure you don't become a victim? Never send personal information, including PIN numbers, online. Even if the SMS or email you receive seems genuine, do not give out personal information. Always assume you are being scammed. Confirm requests for information by calling the requesting company. Get the phone number from Google, and do not call the number provided in the SMS.
