Security Alert: NGate Android Malware Drains Bank Accounts via NFC

A serious new threat has been revealed for Android users: the NGate Android malware. It uses NFC chips to steal credit card data. The malware can transfer data read by the NFC chip to an attacker's device. This allows the attacker to make unauthorized payments or withdrawals by imitating the victim's cards.

The campaign using the NGate malware has been active since November 2023. It is connected to ESET's latest report on the increasing use of progressive web applications (PWAs) and advanced WebAPKs to steal users' banking information in the Czech Republic.

In addition to stealing credit card data, the NGate malware can also be used for direct cash theft. In this respect it is unlike some other malware that has previously emerged.

How NGate Android Malware Steals Card Data via NFC Chip

Attacks start with malicious text messages, robocalls, or malicious ads that trick victims into installing a malicious PWA or WebAPK. The apps may appear to be urgent security updates, but they steal client access credentials.

NGate steals card data
Image source: ESET

These apps do not require permissions and abuse the browser's API to access the device's hardware. After the phishing step, the victims are tricked into installing NGate.

NGate uses NFCGate, an open-source tool for NFC testing, to capture NFC data from payment cards. An attacker can save this data as a virtual card and replay it on ATMs or PoS systems.

ESET malware researcher Lukas Stefanko demonstrated how NGate can capture card data in wallets and backpacks. An attacker could use this data to make contactless payments or clone NFC access cards.

How Does Malware Obtain Card PIN?

To withdraw cash from ATMs, the card's PIN is required. Researchers have found that scammers obtain this information through social engineering.

After the PWA/WebAPK phishing step, the scammers call the victim and pretend to be a bank employee. They inform the victim about a security incident and send an SMS with a link to download NGate.

Getting NGate Card Pin
Image source: ESET

The victim scans their card and enters their PIN to “verify” in the malware's phishing interface. This sensitive information is then transmitted to the attacker.

Czech police have already caught a cybercriminal who was behind these withdrawals, but this tactic poses a significant risk to Android users.

ESET also warns that copying access tags, transport tickets and ID badges is possible.

To reduce your risk, you can disable your device's NFC chip. If NFC needs to be enabled, review app permissions, install banking apps from official sources, and be wary of WebAPKs. WebAPKs are small, load from browsers, and don't appear under '/data/app' like standard Android apps.
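The permission and install-source review advised above can be scripted. The following is an added example, not code from the article or from ESET: it parses the output of `adb shell pm list packages -3 -i` and `adb shell dumpsys package <name>` and flags browser-installed WebAPKs and sideloaded apps that request NFC. The package names and sample output are constructed, and the trusted-installer list and the `org.chromium.webapk.` prefix check are assumptions of this sketch.

```python
import re

# Assumptions of this sketch: Google Play is the only trusted installer, and
# WebAPKs are recognised by the org.chromium.webapk. package-name prefix.
TRUSTED_INSTALLERS = {"com.android.vending"}
WEBAPK_PREFIX = "org.chromium.webapk."
NFC_PERMISSION = "android.permission.NFC"
PKG_LINE = re.compile(r"^package:(\S+)[ \t]+installer=(\S+)[ \t\r]*$", re.M)
PERM_LINE = re.compile(r"^([\w.]+)(?::.*)?$")
# Constructed sample of `adb shell pm list packages -3 -i` (hypothetical names).
SAMPLE_LISTING = """\
package:com.example.bank  installer=com.android.vending
package:org.chromium.webapk.a1b2c3_v2  installer=com.android.vending
package:com.example.cardcheck  installer=null"""
# Constructed excerpt of `adb shell dumpsys package com.example.cardcheck`.
SAMPLE_DUMPS = {"com.example.cardcheck": """\
    requested permissions:
      android.permission.INTERNET
      android.permission.NFC
    install permissions:"""}

def requested_permissions(dump):
    """Collect the names listed under 'requested permissions:' in a dump."""
    perms, in_block = set(), False
    for line in dump.splitlines():
        text = line.strip()
        if text == "requested permissions:":
            in_block = True
        elif in_block:
            m = PERM_LINE.match(text)
            if not m:
                break  # the next section header ends the block
            perms.add(m.group(1))
    return perms

def audit(listing, dumps):
    """Return {package: [reasons]} for apps that deserve a manual look."""
    findings = {}
    for m in PKG_LINE.finditer(listing):
        (pkg, installer), reasons = m.groups(), []
        if pkg.startswith(WEBAPK_PREFIX):
            reasons.append("WebAPK installed from a browser")
        perms = requested_permissions(dumps.get(pkg, ""))
        if installer not in TRUSTED_INSTALLERS and NFC_PERMISSION in perms:
            reasons.append("sideloaded app requesting NFC")
        if reasons:
            findings[pkg] = reasons
    return findings
```

A flagged package is a prompt for manual review, not proof of infection: legitimate home-screen web apps are also WebAPKs, and some legitimate sideloaded apps use NFC.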
