New NGate variant hides in a trojanized NFC payment app


ESET Research has discovered a new variant of the NGate malware family that abuses a legitimate Android application called HandyPay, instead of the previously leveraged NFCGate tool. The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appears to have been AI-generated. As with previous iterations of NGate, the malicious code allows the attackers to transfer NFC data from the victim’s payment card to their own device and use it for contactless ATM cash-outs and unauthorized payments. The code can also capture the victim’s payment card PIN and exfiltrate it to the operators’ C&C server.

Key points of this blogpost:

  • ESET researchers discovered a new NGate malware variant abusing the legitimate Android HandyPay application.
  • To trojanize HandyPay, the threat actors most probably used GenAI, as indicated by emoji left in the logs, which are typical of AI-generated text.
  • The ...

Copyright of this story solely belongs to welivesecurity.com.