Eset is warning of a new type of financial attack on Android devices through the installation of fake applications that steal bank card data via Near Field Communication (NFC) technology.
Image source: naipo.de/Unsplash
Cybercriminals trick users into installing malicious apps masquerading as banking apps through phishing calls, SMS messages, or ads leading to fake Google Play Store pages, PCMag reports. These applications are capable of reading data from NFC-compatible bank cards located near the phone. Next, the received information is transferred to the attacker’s device, who can use it to make fraudulent transactions through payment terminals. In some cases, using social engineering or phishing techniques, hackers can gain access to a victim’s bank account through an ATM without even having a physical card.
Eset specialist Lukas Stefanko called this type of malware “NGate” because it is based on NFC technology and a tool called “NFCGate”. For a successful attack, the victim must install a malicious application and also have an NFC-compatible bank card in close proximity to the phone.
Let us remind you that NFC is a short-range wireless data transmission technology that allows you to exchange data between devices located at a distance of approximately 10 centimeters. The technology, while enabling contactless payments and other convenient features, also creates new opportunities for criminals who can scan the contents of wallets using a phone through bags in crowded places. In addition, it is possible to clone NFC tags using special applications, which allows you to copy data from payment cards or access key cards.
Eset and Google recommend that users pay attention to suspicious links and be careful when installing applications, especially if NFC access is requested. It is also noted that banks usually do not require updating their applications through SMS or advertising on social networks.