#NGate has demonstrated its relevance and is now enhanced with contact-stealing functionality. ESET researchers believe that this feature is designed to lay the groundwork for future attacks. 2/6

Android malware steals your card details and PIN to make instant ATM withdrawals Forget card skimmers—this Android malware uses your phone’s NFC to help criminals pull cash straight from ATMs.

Researchers found the malware #NGate lets attackers withdraw cash from ATMs using banking data from victims’ phones w/o physically stealing the cards.
NFC a wireless technology allows devices such as smartphones.. to communicate when they’re very close together. www.malwarebytes.com/blog/news/20...

Android malware steals your card details and PIN to make instant ATM withdrawals The Polish Computer Emergency Response Team (CERT Polska) analyzed a new Android-based malware that uses NFC technology to perform unauthorized ATM cash withdrawals and drain victims’ bank accounts. Researchers found that the malware, called NGate, lets attackers withdraw cash from ATMs (Automated Teller Machines, or cash machines) using banking data exfiltrated from victims’ phones—without ever physically stealing the cards. NFC is a wireless technology that allows devices such as smartphones, payment cards, and terminals to communicate when they’re very close together. So, instead of stealing your bank card, the attackers capture NFC (Near Field Communication) activity on a mobile phone infected with the NGate malware and forward that transaction data to devices at ATMs. In NGate’s case the stolen data is sent over the network to the attackers’ servers rather than being relayed purely by radio. NFC comes in a few “flavors.” Some produce a static code—for example, the card that opens my apartment building door. That kind of signal can easily be copied to a device like my “Flipper Zero” so I can use that to open the door. But sophisticated contactless payment cards (like your Visa or Mastercard debit and credit cards) use dynamic codes. Each time you use the NFC, your card’s chip generates a unique, one-time code (often called a cryptogram or token) that cannot be reused and is different every time. So, that’s what makes the NGate malware more sophisticated. It doesn’t simply grab a signal from your card. The phone must be infected, and the victim must be tricked into performing a tap-to-pay or card-verification action and entering their PIN. When that happens, the app captures all the necessary NFC transaction data exchanged — not just the card number, but the fresh one-time codes and other details generated in that moment. The malware then instantly sends all that NFC data, including the PIN, to the attacker’s device. Because the codes are freshly generated and valid only for a short time, the attacker uses them immediately to imitate your card at an ATM; the accomplice at the ATM presents the captured data using a card-emulating device such as a phone, smartwatch, or custom hardware. But, as you can imagine, being ready at an ATM when the data comes in takes planning—and social engineering. First, attackers need to plant the malware on the victim’s device. Typically, they send phishing emails or SMS messages to potential victims. These often claim there is a security or technical issue with their bank account, trying to induce worry or urgency. Sometimes, they follow up with a phone call, pretending to be from the bank. These messages or calls direct victims to download a fake “banking” app from a non-official source, such as a direct link instead of Google Play. Once installed, the app app asks for permissions and leads victims through fake “card verification” steps. The goal is to get victims to act quickly and trustingly—while an accomplice waits at an ATM to cash out. ## How to stay safe NGate only works if your phone is infected and you’re tricked into initiating a tap-to-pay action on the fake banking app and entering your PIN. So the best way to stay safe from this malware is keep your phone protected and stay vigilant to social engineering: * **Stick to trusted sources.** Download apps only from Google Play, Apple’s App Store, or the official provider. Your bank will never ask you to use another source. * **Protect your devices.** Use an up-to-date real-time anti-malware solution like Malwarebytes for Android, which already detects this malware. * **Do not engage with unsolicited callers.** If someone claims to be from your bank, tell them you’ll call them back at the number you have on file. * **Ignore suspicious texts.** Do not respond to or act upon unsolicited messages, no matter how harmless or urgent they seem. Malwarebytes for Android detects these banking Trojans as Android/Trojan.Spy.NGate.C; Android/Trojan.Agent.SIB01022b454eH140; Android/Trojan.Agent.SIB01c84b1237H62; Android/Trojan.Spy.Generic.AUR9552b53bH2756 and Android/Trojan.Banker.AURf26adb59C19. * * * **We don’t just report on phone security—we provide it** Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Android malware steals your card details and PIN to make instant ATM withdrawals Forget card skimmers—this Android malware uses your phone’s NFC to help criminals pull cash straight from ATMs. ...

#Android #News #android #malware #nfc #NGate

Origin | Interest | Match

ASEC Blog publishes “Mobile Security & Malware Issue 1st Week of November, 2025” #### Tags: Android apk Fantasy_Hub malware NFC NGate RCE

Mobile Security & Malware Issue 1st Week of November, 2025 ASEC Blog publishes “Mobile Security & Malware Issue 1st Week of November, 2025”

#Mobile #Public #Android #apk #Fantasy_Hub #malware #NFC #NGate #RCE

Origin | Interest | Match

ASEC Blog publishes “Mobile Security & Malware Issue 1st Week of November, 2025” #### Tags: Android apk Fantasy_Hub malware NFC NGate RCE

Mobile Security & Malware Issue 2025년 11월 1주차 ASEC Blog publishes “Mobile Security & Malware Issue 1st Week of November, 2025”

#Mobile #Public #Android #apk #Fantasy_Hub #malware #NFC #NGate #RCE

Origin | Interest | Match

#NGate captures NFC card data and relays it to an attacker-controlled device, which uses the data for ATM withdrawals or POS payments—all without physical access to the victim’s card. We described #NGate in details in our blogpost in 2024
www.welivesecurity.com/en/eset-rese... 3/4

It shares the same package name (com.billy.cardemv) as some #NGate / #PhantomCard variants targeting Brazil, suggesting it could be a new version still focused on Brazil. 2/4

#ESETresearch identified an active campaign distributing #NGate – Android NFC relay malware used for contactless payment fraud – targeting Brazilian users.
It is available for download via fake Google Play sites mimicking 4 major banks and 1 e-commerce app. 1/4

NGate Malware Lets Attackers Withdraw Cash from ATMs Using Stolen Cards A new wave of Android malware analyzed by CERT Polska has revealed a sophisticated NFC relay technique targeting Polish bank ...

#Cyber #Security #News #NGate #malware

Origin | Interest | Match

Pagamenti NFC minacciati dal malware NGate Una nuova ondata di attacchi informatici colpisce i pagamenti NFC: l'evoluzione del malware NGate, i pericoli reali e come mettere in sicurezza lo smartphone.

💡 Pagamenti NFC minacciati dal malware NGate

gomoot.com/pagamenti-nf...

#blog #contactless #ghosttap #malware #news #nfc #ngate #phishing #picks #rfid #tech #tecnologia

Screenshot of NGate malware impersonating a banking verification application.

Screenshot of packet capture showing victim's payment card and PIN information being exfiltrated by malware.

#BREAKING #ESETresearch NFC Android malware impersonates banking app in 🇵🇱 Poland. #NGate malware impersonates a banking verification application to steal NFC data and PIN from victims’ physical payment card. x.com/LukasStefanko
🧵1/3

Allarme NGate: nuovo malware svuota conti usando NFC Attenzione al nuovo malware NGate: sfrutta NFC per svuotare i conti. Scopri come questa sofisticata minaccia per Android ruba denaro direttamente dagli ATM

💡 NGate, il malware Android che svuota i conti correnti delle vittime

gomoot.com/ngate-il-mal...

#android #atm #blog #malware #news #nfc #ngate #phishing #picks #smartphone #SMS #tech #tecnologia #truffa