Android Malware Steals Money via NFC Technology

Adam Carter
By Adam Carter Add a Comment

A new form of malware targeting Android devices is causing alarm among cybersecurity experts due to its ability to exploit near field communication (NFC) technology. This type of attack can steal money directly from users’ NFC-enabled cards through their smartphones.

What’s Happening & Why This Matters

The malware, named “NGate” by ESET researcher Lukas Stefanko, is particularly dangerous because it can exploit the NFC feature on smartphones to make fraudulent transactions. The attack begins with a social engineering tactic—tricking users into downloading the app from a fake Google Play Store page. Once installed, the malware waits for an NFC-enabled credit card to come within range, usually within a few inches of the infected smartphone.

The stolen payment data is then sent to the attacker’s device, allowing them to make unauthorized purchases or even withdraw money from the victim’s bank account. Although the short range of NFC—typically less than two inches—limits the scope of the attack, relay methods can extend this range to up to three feet, making it a viable threat in crowded public spaces.

credit: Medium

One concerning aspect of this malware is its ability to clone NFC tokens, which could be used to replicate door keycards or other NFC-enabled devices. This adds another layer of risk, as attackers could use this capability to gain unauthorized access to secure areas. ESET has noted that while Android banking attacks are not new, this NFC-based method represents an evolution in tactics. The firm previously reported similar attacks targeting Czech bank customers, where attackers used web apps and social media ads to lure victims.

TF Summary: What’s Next

The rise of NFC-enabled devices has opened up new opportunities for cybercriminals. This latest malware underscores the need for heightened awareness among Android users, particularly when installing apps from unverified sources. Google Play Protect offers some protection, but additional security measures may be necessary to safeguard against these increasingly sophisticated attacks. Users should remain vigilant and consider investing in comprehensive mobile security solutions to protect their financial data from these emerging threats.

— Text-to-Speech (TTS) provided by gspeech

Credit: Android/Phone Arena

Share This Article
Avatar photo
By Adam Carter “TF Enthusiast”
Background:
Adam Carter is a staff writer for TechFyle's TF Sources. He's crafted as a tech enthusiast with a background in engineering and journalism, blending technical know-how with a flair for communication. Adam holds a degree in Electrical Engineering and has worked in various tech startups, giving him first-hand experience with the latest gadgets and technologies. Transitioning into tech journalism, he developed a knack for breaking down complex tech concepts into understandable insights for a broader audience.
Leave a comment
Register Lost your password?