Malware, Phishing

UPDATE: New Android Malware used in phishing campaign

Share
(Adobe Stock)

UPDATE: Cybercriminals used a novel Android malware strain in a sophisticated phishing campaign that targeted customers of three Czech banks, reports The Record, a news site by cybersecurity firm Recorded Future.

According to ESET researchers who discovered the campaign, the malware, which they named NGate, mimicked legitimate banking apps, convincing victims to download a malicious app via phishing messages that claimed their devices were compromised.

In a statement by Google to SC Media regarding the Android-based malware strain NGate it stated: "Based on our current detections, no apps containing this malware are found on Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."  

ESET said once the malware was present on the targeted device, users were asked to input sensitive banking information and enable the NFC feature on their smartphones. This allowed adversaries to relay payment card data directly to the attackers' devices. This allowed the hackers to perform unauthorized ATM transactions or transfer funds from victims' accounts. The campaign, which began in November 2023, marked the first time such an NFC relay technique has been observed in Android malware, according to the researchers. The group behind the attacks seemingly halted operations after a suspected member’s arrest in March 2024, although ESET urges users to exercise caution online, verify URLs, secure PINs, disable NFC when not in use, and consider using virtual cards for added protection.

(This new brief was updated at 1:15pm ET on 8/23 with a comment from a Google spokesperson.)

Related Terms

Adware

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.