Was that a long read? I’ll make it easier…
What is the story
Cybersecurity experts at ESET have discovered a new method that cybercriminals use to steal data from smartphone users.
This technology takes advantage of the Near Field Communications (NFC) chip in your devices.
This multi-stage scam requires a certain level of naivety on the part of the victim and uses progressive web apps (PWAs), advanced WebAPKs, and significant social engineering tactics.
The consequences of this fraud go beyond financial theft, as NFC technology is used in various services such as access cards and transport tickets.
The scam starts with a misleading message
The scam begins when the victim receives a text message or automated call in which the scammers pretend to be their bank.
They ask the victim to install a malicious PWA or WebAPK, claiming that these are important updates.
These apps work differently than traditional apps and do not require similar permissions. Instead, they gain the necessary access by exploiting the browser’s API.
The fraudsters then contact the victim again, pretending to be a bank employee and alerting them to a security breach.
NGate: The malware that intercepts NFC data
The scammers then convince the victim to download an app called NGate, which they claim can verify the victim’s payment card and PIN number.
This malware can collect NFC data from payment cards that are located near the infected device.
It then transmits this information to the attackers either directly or via a proxy.
The transfer is facilitated by an open source component called NFCGate, which enables recording, forwarding, playback and cloning capabilities on the device.
The consequences of falling for the scam
Once the victim reveals their PIN number, the fraudsters can use this data to clone their card on their own smartphone.
You can then withdraw cash from ATMs or make purchases at POS endpoints.
Google responded to these findings by explaining that its standard security tool, Google Play Protect, could detect this malware.
“Based on our current findings, no apps containing this malware have been found on Google Play,” said a Google representative PiepComputer.
How to reduce the risk
To reduce the risk, disable NFC on your device when you are not using it. Go to Settings > Connected devices > Connection settings > NFC and turn it off.
If NFC must always be active, carefully review app permissions and restrict access to only required apps.
Only install banking apps from the official website or Google Play and make sure the app is not a WebAPK. WebAPKs are usually very small and are installed directly through a browser.
