Android malware attack relays NFC data from your card to thief standing at an ATM wiping you out

Hackers and cyber thieves are always working to outdo themselves in the never-ending battle to get into your phone and steal your hard earned cash. Newly discovered Android malware uses the NFC reader on an infected device to get the payment data from your handset and relays that info to attackers. This malware will allow the thieves to use your data at ATMs and POS (point of sale) machines to pull out money or pay for purchases at the cash register.

Discovered by cybersecurity firm ESET, the firm named the malware NGate because the NFCGate toolkit used to analyze NFC traffic is employed by the attackers. Czech police busted up a gang using a similar scheme after arresting one of the members withdrawing cash out of an ATM machine in Prague.  Here is how the scam operated. The victim would receive a text urgently demanding that they install an app because of an issue with their tax return. This text would contain a link to a fake website that collected the victim's credentials
giving the attacker access to the target's bank account.

The victim would then receive a phone call from the attacker pretending to be a bank employee. The banking customer would be told that a text was being sent to him with a link to an app that would be used to protect his account by allowing him to change his PIN number and verify his card. The victim is asked to enable NFC on his phone and to scan the card. The mobile app was actually NGate malware.

The malware can relay NFC data from the victim's card through a compromised smartphone to the attacker's smartphone which can then emulate the card. As a result, the criminal would receive the information in real time and withdraw money from an ATM. It's scary, to be sure.

Google said that no such malware was found in apps listed in the Play Store. Google noted that its Play Protect feature warns users and blocks apps showing malicious behavior even if those apps come from third-party sources. Six NGate laden apps were discovered from non-Play Store sources between November and March that attacked three Czech banks.

How can you make sure that you don't become a victim? Never send personal information including PIN numbers online. Even if it seems that the text or email you received is legit, just do not hand over any personal data. Always assume that you're being scammed. Confirm requests for information by calling the company requesting it. Get the phone number from Google, do not call the number listed in the text.