New Android Malware Targets Contactless Payment Data

Cybersecurity experts have discovered a new Android malware named “NGate” capable of stealing contactless payment data from physical credit and debit cards, as reported yesterday by Android Headlines (AH).

Analysts explain that NGate tricks users into installing a malicious app disguised as a legitimate one. Once installed, the app can capture NFC data from the victim’s physical payment card and relay it to an attacker-controlled device. This allows attackers to clone the card and withdraw funds from ATMs.

The Hacker News reports that the malware has been observed targeting financial institutions in Czechia, but it could potentially target users in other regions as well. The malware is believed to be spread through phishing attacks, where victims are sent messages or links that appear to be from legitimate sources.

The attackers’ approach includes phishing websites, fake banking apps, and even direct phone calls to deceive victims. Once the malicious app is installed, it can steal the victim’s payment card data without their knowledge.

This malware, rooted in a legitimate NFCGate tool, was originally software intended for security purposes but was then repurposed for malicious activities. This software has been active since November 2023 and has evolved through social engineering tactics.

Google has confirmed that NGate is not found on any apps on the Google Play Store. However, the malware can still be distributed through third-party distributors.

These findings, along with recent research identify a critical flaw in digital wallet security: stolen card details remain usable even after a stolen or lost card is replaced.

To protect from NGate and other similar threats, users should be cautious about downloading apps from unfamiliar sources and avoid clicking on suspicious links or opening attachments from unknown senders.