The Slovakian security software company ESET has uncovered a campaign in which criminals use a new type of Android malware to steal data from bank cards—including PINs—and forward it to a second, prepared cell phone. The aim is to make cash withdrawals directly at ATMs.
Money gone because of Android malware: How the scam works
For potential victims of the Android malware, it all starts with a text message in the name of the bank, as ESET explains in a press release. The hook often used is a tax refund. If recipients install a fake app via the link sent in the text message, they will shortly receive a call from someone claiming to be a bank employee: they are told to change their bank card PIN and hold the card up to their cell phone for “verification.”
This allows the malicious app to read data from NFC-enabled bank cards and transmit it in real time to the perpetrators’ cell phones. The perpetrators can then use their smartphones to withdraw cash or make transfers directly at ATMs.
What’s new about the Android malware
“We have not seen this new type of NFC relay technology in any other Android malware to date. The technology is based on a tool called NFCGate, which students at Darmstadt Technical University developed to capture, analyze, or modify NFC traffic. That’s why we’ve named this new malware family NGate,” ESET continues.
According to experts, the activities have been ongoing since November 2023. In March 2024, police in Prague arrested a 22-year-old man in connection with the case. They seized 160,000 CZK (~$6,000) from him—money belonging to the three most recent victims. The modus operandi described by the police matches the one documented by ESET.
Who is affected?
Cases involving customers of three Czech banks have been confirmed so far. ESET’s analysis shows that the criminals imitated the banks’ domains and used several NGate app variants. There is no evidence of a global mass attack, but the method is fundamentally transferable and can also be used in other countries.
However, there is a simple way to protect yourself from Android malware. As advised by experts and the police in the Czech Republic, you should not open any links from text messages or emails and should not install apps from unknown sources. In addition, banks never ask for your PIN—not even via app or telephone.
Furthermore, you can use mobile wallets instead of bank cards and deactivate NFC on your cell phone when it is not needed. Also, check your limits and debits regularly and contact your bank and the police immediately if you suspect anything.
- Sources: ESET, Czech Republic Police / Picture: Image by Iqbal Nuril Anwar on Pixabay