New research conducted by cybersecurity company ESET has uncovered a new cyberattack campaign targeting Android users. The attack utilizes a complex social engineering scheme and new Android malware to steal users’ near-field communication (NFC) data, allowing the cybercriminals to withdraw cash from NFC-enabled ATMs.
Initially, the threat actor used progressive web app (PWA) technology to trick users into installing malicious apps from websites outside of the Play Store. These apps, accessed through supported browsers, could lead users to phishing websites to collect sensitive information. The threat actor then switched to using WebAPKs, a more advanced form of PWA, to create standalone apps that appear legitimate but are actually malicious.
The attack also involves the distribution of a new malware called NGate, which tricks users into providing banking information through a fake website. The malware also embeds a tool called NFCGate, allowing the cybercriminals to relay NFC data between devices. The stolen information can be used for traditional fraud or to withdraw money from NFC-enabled ATMs.
The campaign has been identified in the Czech Republic, where a suspect has been arrested. However, there is a possibility of the attack spreading to other regions. To protect against this threat, users are advised to verify the source of applications, avoid downloading software from unofficial sources, and avoid sharing payment card PIN codes. Additionally, users should deactivate NFC when not in use and use virtual cards stored securely on devices. Security software should also be installed on mobile devices to detect malware.