The Slovakian security software company ESET has uncovered a campaign in which criminals use a new type of Android malware to steal data from bank cards—including PINs—and forward it to a second, pre-programmed cell phone. The aim is to make cash withdrawals directly from ATMs.
Money gone because of Android malware: How the scam works
For potential victims of Android malware, it all starts with a text message in the name of the bank, as ESET explained in a press release. The hook often involves a tax refund. If recipients install a fake app via the link sent in the text message, they will shortly thereafter receive a call from someone claiming to be a bank employee: they are told to change their bank card PIN and hold the card up to their cell phone for “verification.”
This allows the malicious app to read data from NFC-enabled bank cards and transmit it in real time to the perpetrators’ cell phones. The perpetrators can then use their smartphones to withdraw cash directly from ATMs or make transfers.
What’s new about the Android malware
“We have not seen this new NFC relay technique in any other Android malware to date. The technology is based on a tool called NFCGate, which was developed by students at Darmstadt Technical University to capture, analyze, or modify NFC traffic. That’s why we’ve named this new malware family NGate,” ESET continues.
According to experts, these activities have been ongoing since November 2023. In March 2024, police in Prague arrested a 22-year-old man in connection with this case. They seized CZK 160,000 (~€6,000) from him, money belonging to the three most recent victims. The police describe the modus operandi the same way ESET documented it.
Who is affected?
Cases involving customers of three Czech banks have been confirmed so far. ESET’s analysis shows that the criminals imitated the banks’ domains and used several NGate app variants. There is no evidence of a global mass attack, but the method is fundamentally transferable and can also be used in other countries.
However, there is a simple way to protect yourself from Android malware. As advised by experts and the police in Czechia, you should not open any links from text messages or emails and should not install apps from unknown sources. In addition, banks never ask for your PIN—not even via app or telephone.
You can also use mobile wallets instead of bank cards and deactivate NFC on your cell phone when it is not needed. Check your limits and debits regularly and contact your bank and the police immediately if you suspect anything.
- Sources: ESET, Czech Republic Police Force