NGate Android malware relays NFC traffic to steal cash
Aug. 22, 2024, 10:58 a.m.
Description
ESET researchers uncovered a crimeware campaign targeting bank customers in Czechia. The NGate Android malware can relay NFC data from victims' payment cards to attackers' devices, enabling unauthorized ATM withdrawals. It's the first time this capability has been observed in the wild. The campaign evolved from using phishing PWAs and WebAPKs to deploying NGate, which tricks victims into providing banking details and NFC card data.
Date
Published: Aug. 22, 2024, 10:36 a.m.
Created: Aug. 22, 2024, 10:36 a.m.
Modified: Aug. 22, 2024, 10:58 a.m.
Indicators
Attack Patterns
NGate
T1509
T1437
T1426
T1417
T1566
Additional Information
Czechia