A new Android-based malware known as NGate has surfaced, presenting a critical threat to banking security in Poland. This malware operates through a sophisticated NFC relay attack that allows threat actors to orchestrate unauthorized ATM cash withdrawals without the need for physical card theft. Analysts from Cert.PL have identified a series of phishing messages targeting victims, which mislead them into installing a fake banking application. Once installed, the malware captures sensitive information via a relay mechanism, compromising both the card and PIN details of the victim.
The attack uses advanced evasion techniques that let the malicious app masquerade as a legitimate payment service on Android devices. Important data, including the command and control (C2) server address, is concealed within the app's encrypted assets. This design lets attackers intercept and exfiltrate critical card data, making unauthorized withdrawals feasible. Users are encouraged to protect themselves by downloading apps solely from official sources and by verifying any unexpected communication from their bank directly with the bank.
👉 Read the original: Cyber Security News