CERT Polska researchers have discovered a new Android malware, dubbed NGate, that uses Near Field Communication (NFC) technology to carry out sophisticated financial fraud. Instead of stealing physical cards, NGate exploits a phone’s NFC reader to intercept dynamic payment data and PINs during what the victim believes is a legitimate tap-to-pay or verification transaction.
Victims are lured through phishing campaigns and social engineering, often receiving fake alerts or calls urging them to install counterfeit banking apps from malicious links. Once installed, the fake app requests permissions and instructs users to place their card near the phone and enter their PIN “for verification.” In reality, NGate silently captures all cryptographic data in real time.
The stolen NFC data — including one-time cryptograms and PINs — is then transmitted to cybercriminals stationed at ATMs equipped with NFC-enabled emulators. This allows instant, unauthorized withdrawals without needing the physical card.
Unlike older banking trojans, NGate targets dynamic NFC tokens, making it harder for traditional fraud detection systems to identify or block the attack. Its success depends on tightly synchronized operations between infected users and accomplices withdrawing money simultaneously.
The emergence of NGate highlights growing vulnerabilities in mobile payment ecosystems, where trust in contactless technology is being weaponized. Experts urge users to download apps only from official stores, verify app authenticity, and keep devices updated. Banks are advised to strengthen behavioral analytics and real-time monitoring to detect abnormal NFC-based withdrawals.
NGate marks a dangerous evolution in real-world financial malware.



