Eset has uncovered a new type of financial attack targeting Android devices. This malware, dubbed NGate, exploits near-field communication (NFC) technology to steal bank card data through fake banking apps. We’ll keep you updated on any developments regarding this threat.
How the Attack Works
Attackers employ various methods to trick users into installing malicious apps:
- Phishing calls
- SMS messages
- Advertisements leading to fake Google Play Store pages
Once installed, these apps can read data from NFC-compatible bank cards placed near the phone. The stolen information is then transmitted to the attacker’s device, enabling fraudulent transactions through payment terminals. In some instances, hackers may even gain access to victims’ bank accounts through ATMs using social engineering or phishing techniques, without needing the physical card.
Eset researcher Lukas Stefanko identified this malware as NGate due to its reliance on NFC technology and a tool called NFCGate. For a successful attack, two conditions must be met:
- The victim must install the malicious application
- An NFC-compatible bank card must be in close proximity to the phone
Risks and Precautions
NFC technology, while convenient for contactless payments, creates new opportunities for attackers. They can potentially scan wallet contents using a phone through bags in crowded places. Additionally, special applications allow for cloning NFC tags, enabling the copying of data from payment cards or access keys, notes NIXsolutions.
To protect against these threats, Eset and Google recommend:
- Being cautious of suspicious links
- Exercising care when installing applications, especially those requesting NFC access
- Remembering that banks typically don’t require app updates via SMS or social media advertising
It’s important to note that NFC is a short-range wireless data transfer technology, allowing data exchange between devices located approximately 10 centimeters apart. While it provides convenient functions, users should remain vigilant to protect their financial information from potential exploitation.