NGate Android malware relays NFC traffic to steal cash

Aug. 22, 2024, 10:58 a.m.

Description

ESET researchers uncovered a crimeware campaign targeting bank customers in Czechia. The NGate Android malware can relay NFC data from victims' payment cards to attackers' devices, enabling unauthorized ATM withdrawals. It's the first time this capability has been observed in the wild. The campaign evolved from using phishing PWAs and WebAPKs to deploying NGate, which tricks victims into providing banking details and NFC card data.

Date

Published: Aug. 22, 2024, 10:36 a.m.

Created: Aug. 22, 2024, 10:36 a.m.

Modified: Aug. 22, 2024, 10:58 a.m.

Indicators

Attack Patterns

NGate

T1509

T1437

T1426

T1417

T1566

Additional Information

Czechia