DEV Community

Mark0
New NGate variant hides in a trojanized NFC payment app

ESET researchers have identified a new variant of the NGate malware family that exploits the legitimate Android application HandyPay to conduct NFC-based fraud. Unlike previous versions that utilized the NFCGate tool, this variant features a trojanized version of HandyPay, likely modified using generative AI tools as evidenced by specific emojis in the code logs. The malware enables attackers to relay NFC data from a victim's payment card to their own device, facilitating unauthorized contactless payments and ATM withdrawals.

The campaign primarily targets Android users in Brazil through social engineering tactics, including fake lottery websites and fraudulent "Card Protection" apps. In addition to relaying NFC traffic, the malicious code is specifically designed to capture and exfiltrate payment card PINs to a command-and-control server. This development highlights a growing trend of utilizing GenAI to lower the technical barrier for cybercriminals and the increasing sophistication of mobile NFC-based attacks across South America.

