NGate Alert: This New Android Malware is Emptying Bank Accounts via NFC

Cybersecurity researchers have discovered a new Android malware called NGate. The malware abuses trusted payment apps and gateways to steal sensitive financial data such as card PINs or payment IDs. More concerning, the malware is reportedly using AI-powered techniques to advance itself and become harder to detect.

NGate Android malware uses AI techniques to steal card data and PINs via NFC

Security experts from ESET recently found that the NGate malware is now abusing a legitimate Android payment app, HandyPay. Instead of building the malware from scratch, the attackers have modified the payment app by injecting harmful code. Lukáš Štefanko, a cybersecurity researcher, has said the attackers may have used AI to advance the exploit and make it easier to produce and harder to detect.

Once the malware-infected app is installed, it starts capturing NFC payment data when the user taps their card on the phone. The malware also captures sensitive card information, such as the PIN and card details, and sends it to the attackers. This is not the first time that NGate has been caught stealing payment data. However, instead of using other tools, the criminals have now switched to the HandyPay app. This helps them avoid suspicion since the app requires limited permissions on Android devices.

Brazil is the country most targeted by the malware

The security report further mentions that the NGate malware mainly targets users in Brazil. Victims are lured into installing the infected app using fake lottery websites or pages that look like official app listings. The fake pages not only guide users to install the app but also to set it as the default payment service.


Once the victim installs the app, it prompts them to enter their PIN and tap their card. At that moment, the malware captures the data and transfers it to the criminals, who can then withdraw cash or make payments. Since the malware runs hidden inside the app, it becomes nearly impossible for the user to suspect anything. Basically, all their important financial data is actively stolen while they sit relaxed.
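Because the lure described above depends on an app from a fake listing page being set as the default payment service, a device audit can check where the current default payment app was installed from. The following is an added example, not code from ESET or the original article. It assumes the inputs were collected with `adb shell settings get secure nfc_payment_default_component` and `adb shell pm list packages -i`; the package names, sample output and trusted-installer list are constructed.

```python
"""Flag a default NFC payment app that did not come from a trusted installer."""

# Assumption: installers the organisation accepts as legitimate app sources.
TRUSTED_INSTALLERS = {"com.android.vending"}


def parse_installers(pm_output):
    """Map package name -> installer (None if absent) from `pm list packages -i`."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field.split("=", 1)[1]
                installer = None if value == "null" else value
        installers[fields[0]] = installer
    return installers


def audit_default_payment(component, pm_output):
    """Return (verdict, package) for the default payment component string."""
    component = component.strip()
    if not component or component == "null":
        return ("no-default", None)
    package = component.split("/", 1)[0]  # component is "package/ServiceClass"
    installers = parse_installers(pm_output)
    if package not in installers:
        return ("unknown-package", package)
    if installers[package] not in TRUSTED_INSTALLERS:
        return ("untrusted-source", package)  # sideloaded default payment app
    return ("ok", package)


# Constructed sample of `pm list packages -i` output (hypothetical packages).
SAMPLE_PM = """\
package:com.example.bank  installer=com.android.vending
package:com.example.tapapp  installer=null
"""

if __name__ == "__main__":
    for comp in ("com.example.bank/.HceService",
                 "com.example.tapapp/.CardService", "null"):
        print(comp, "->", audit_default_payment(comp, SAMPLE_PM))
```

A verdict of `untrusted-source` means the app handling tap-to-pay was installed outside the trusted store and should be reviewed before any card is tapped on the device.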

 
