Android malware steals credit card data using new technique

Cybercriminals continue to find new ways to defraud users, and never-before-seen methods are beginning to proliferate.

Now ESET researchers I found out An Android malware capable of stealing credit card data, using the NFC reader on an infected device, and transmitting the data to the attackers.

Essentially, the card is cloned so that it can be used at ATMs or point-of-sale terminals.

They named this malware I survived Because it includes NFCGate, an open source tool for capturing, analyzing, or altering NFC traffic.

“This is a new attack scenario for Android and the first time we have seen Android malware used with this capability,” said Lukas Stefanko, a researcher at ESET.

“NGate malware can transmit NFC data from a victim’s card through a compromised device to the attacker’s smartphone, which can then spoof the card and withdraw money from an ATM.”

Malware It may originally be installed through phishing campaigns. Tricking victims into installing it from fraudulent domains pretending to be banks or official apps.

Some of these requests were submitted in the form of: Progressive Web Apps Which can be installed on both Android and iOS devices.

It appears that the person responsible for the scam was already arrested in March.

“The attack scenario began with the attackers sending text messages to potential victims about their tax return, including a link to a phishing website pretending to be a bank. Most likely, these links led to malicious PWAs. Once the victim installed the app and entered their credentials, the attacker was able to access the victim’s account. The attacker then contacted the victim, pretending to be a bank employee. The victim was informed that their account had been hacked, most likely due to the previous text message. The attacker was telling the truth: the victim’s account had been hacked, but this truth then led to another lie.

To “protect” their funds, the victim was asked to change their PIN and verify their bank card using a mobile app (NGate malware). A link to download NGate was sent via SMS. “We believe that within the NGate app, victims would enter their old PIN to create a new one and hold their card to the back of their smartphone to verify or apply the change.”

“Since the attacker already had access to the compromised account, they could change the withdrawal limits. If the NFC migration method doesn’t work, you can simply transfer the funds to another account. However, using NGate makes it easier for the attacker to access the victim’s funds without leaving traces leading back to the attacker’s bank account.

Researchers point out This type of attack can be used in other scenarios, such as cloning some smart cards, which are used for other purposes..

This cloning can arise in situations where an attacker has physical access to the card or can briefly read the card in wallets, purses, backpacks, or cell phone cases.

Get to know How we work in Computer today.

Tags: Malware