ESET Uncovers NGate: New Android Malware Exploits NFC Data for ATM Theft

ESET Uncovers NGate: New Android Malware Exploits NFC Data for ATM Theft

(IN BRIEF) ESET Research has uncovered a new Android malware called “NGate” that targets NFC (Near Field Communication) data to facilitate unauthorized ATM withdrawals. The malware deceives users into installing it through phishing attacks impersonating Czech banks. Once installed, NGate captures NFC data from the user’s payment cards and relays it to an attacker’s device, allowing them to withdraw money from ATMs. This is the first time such an advanced NFC relay technique has been seen in the wild, and it poses a significant threat to Android users. ESET advises users to take precautions, such as downloading apps only from official sources and keeping their PIN codes secure.

(PRESS RELEASE) BRATISLAVA/KOŠICE, 23-Aug-2024 — /EuropaWire/ — In a concerning development for the cybersecurity community, ESET Research has uncovered a sophisticated crimeware campaign that has been targeting clients of three major Czech banks. The newly identified Android malware, dubbed “NGate,” possesses a unique capability to relay Near Field Communication (NFC) data from victims’ payment cards directly to an attacker’s device, enabling unauthorized ATM withdrawals without the need for the victims’ devices to be rooted.

The attack begins with traditional social engineering tactics, including phishing messages impersonating Czech banks. Once victims unknowingly install the malicious app on their Android devices, NGate captures NFC data from physical payment cards when users are tricked into placing their cards near their smartphones. This data is then relayed to the attacker’s device, allowing them to emulate the original card and withdraw money from ATMs.

This is the first instance of Android malware leveraging such an advanced NFC relay technique in the wild. The attackers behind NGate have been active since November 2023, improving their methods over time. Although the campaign appears to have paused following the arrest of a suspect in March 2024, the potential for future attacks remains a concern.

Lukáš Štefanko, the ESET researcher who discovered NGate, emphasized the novelty of this technique, noting that it is based on NFCGate, a tool originally designed for research purposes. Štefanko advises users to take proactive measures against such threats, including verifying URLs, downloading apps only from official stores, keeping PIN codes confidential, and using security apps on smartphones.

For further technical details on this emerging threat, ESET encourages interested parties to visit their blog on WeLiveSecurity.com.

About ESET

ESET® provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of known and emerging cyberthreats — securing businesses, critical infrastructure, and individuals. Whether it’s endpoint, cloud or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. An ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and X.

Media Contact:

Tel: +421 (2) 322 44 111
Fax: +421 (2) 322 44 109
Web: www.eset.com/int

SOURCE: ESET, spol. s r.o.

MORE ON ESET, ETC.:

Follow EuropaWire on Google News
EDITOR'S PICK:

Comments are closed.