NGate Android malware relays NFC traffic to steal cash
Aug. 22, 2024, 10:58 a.m.
Description
ESET researchers uncovered a crimeware campaign targeting bank customers in Czechia. The NGate Android malware can relay NFC data from victims' payment cards to attackers' devices, enabling unauthorized ATM withdrawals. It's the first time this capability has been observed in the wild. The campaign evolved from using phishing PWAs and WebAPKs to deploying NGate, which tricks victims into providing banking details and NFC card data.
Date
- Created: Aug. 22, 2024, 10:36 a.m.
- Published: Aug. 22, 2024, 10:36 a.m.
- Modified: Aug. 22, 2024, 10:58 a.m.
Indicators
Attack Patterns
- NGate
- T1509
- T1437
- T1426
- T1417
- T1566
Additional Information
- Czechia