NGate: How to protect yourself from this tap-to-pay malware

Swiping is out and tapping is in for easy credit card payments nowadays. However, an emerging online threat takes advantage of this innovation: NGate.

It tricks people into installing fake online banking apps that capture their credentials. Then, the scammer calls the victim, pretending to be a bank representative.

The caller tells the victim that their account may have been breached and that they should change their PIN. Consequently, the hackers gain access to the account, lock the victim out, and take the funds.

How does NGate work?

Lukas Stefanko, a researcher at cybersecurity firm ESET, explained NGate in a video. He says ESET researchers gave that name to this emerging cyber threat because it uses NFCGate.

NFCGate is an open-source tool for capturing, analyzing, or altering NFC traffic. NFC stands for Near-Field Communication, a technology that enables two devices to communicate over short distances.

“NGate malware can relay NFC data from a victim’s card through a compromised device to an attacker’s smartphone, which is then able to emulate the card and withdraw money from an ATM,” Stefanko stated.

Here’s the step-by-step explanation: 

  1. The hacker sends an SMS with a PWA phishing link. PWA stands for “progressive web app,” a website that behaves like an app. In the NGate scam, this PWA poses as a banking app.
  2. The text message tells the victim that their account was compromised, so they must request a new PIN and verify their banking card details with a mobile app, the NGate app. This step gives the hackers access to the victim’s account.
  3. The victim enters their old PIN to create a new one. Next, they place their card on the back of their smartphone to verify or apply the change.

Hackers use NGate so it’s easier to access the victim’s funds without leaving traces back to their account. Moreover, this scheme could work in other scenarios like cloning smart cards. 

That cloning scenario would work by copying the unique ID (UID) of the NFC tag. Later, Google learned about this new online threat and emailed the tech news website Ars Technica:

“Based on our current detections, no apps containing this malware are found on Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect.”

How do you defend yourself against NGate?

ESET says it discovered NGate in November when attackers used it against three Czech banks. Also, they found six separate NGate apps in non-Google Play sources between then and March 2024. 

Slovakian authorities reported the NGate campaign likely ended when they arrested a 22-year-old man caught withdrawing money from ATMs.

Investigators warned that the suspect “devised a new way to con people out of money.” More importantly, the technique may gain traction in other parts of the world, threatening more Android users.

Tech guide platform Bleeping Computer recommends disabling your phone’s NFC connectivity to avoid this online threat:

  1. Open Settings on your Android phone.
  2. Tap Connected devices.
  3. Then, hit Connection preferences.
  4. Select NFC to toggle it to the “off” position.

If you need NFC 24/7, check app permissions in the Settings menu to ensure only important apps have access. Moreover, only install banking apps from the corresponding official page or Google Play. 
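
One way to run the permission and install-source check described above across a phone's whole app list, as an added example that is not part of the original article. It assumes text in the format printed by `adb shell pm list packages -i` and `adb shell dumpsys package <name>`; the `com.example.*` package names and sample dumps are constructed.

```python
PLAY_STORE = "com.android.vending"      # installer name Google Play reports
NFC_PERMISSION = "android.permission.NFC"

def parse_installers(listing):
    """Map package -> installer from `pm list packages -i` style lines."""
    installers = {}
    for line in listing.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = next((f.split("=", 1)[1] for f in fields[1:]
                          if f.startswith("installer=")), "null")
        installers[fields[0][len("package:"):]] = installer
    return installers

def requested_permissions(dump):
    """Read the 'requested permissions:' section of a `dumpsys package` dump."""
    perms, in_section = set(), False
    for line in dump.splitlines():
        text = line.strip()
        if text == "requested permissions:":
            in_section = True
        elif in_section and (not text or text.endswith(":")):
            in_section = False              # blank line or next header ends it
        elif in_section:
            perms.add(text.split(":", 1)[0])  # drop ": restricted=true" suffixes
    return perms

def flag_nfc_sideloads(listing, dumps):
    """Packages that request NFC access and were not installed by Google Play."""
    installers = parse_installers(listing)
    return sorted(pkg for pkg, dump in dumps.items()
                  if NFC_PERMISSION in requested_permissions(dump)
                  and installers.get(pkg, "null") != PLAY_STORE)

# Constructed sample data; the com.example.* packages are hypothetical.
def _dump(*perms):
    body = "".join(f"      {p}\n" for p in perms)
    return f"    requested permissions:\n{body}    install permissions:\n"

SAMPLE_LISTING = """\
package:com.example.bank  installer=com.android.vending
package:com.example.fakebank  installer=null
package:com.example.notes  installer=null
"""
SAMPLE_DUMPS = {
    "com.example.bank": _dump(NFC_PERMISSION, "android.permission.INTERNET"),
    "com.example.fakebank": _dump(NFC_PERMISSION, "android.permission.INTERNET"),
    "com.example.notes": _dump("android.permission.INTERNET"),
}
```

`android.permission.NFC` is granted at install time without a prompt, so the requested-permission list is where an app holding it shows up.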
