Cybercriminals have reportedly found a way to steal data from smartphone users by exfiltrating the data read by their device’s NFC (Near Field Communication) chip.
The scam was revealed According to cybersecurity researchers at ESET, it involves progressive web apps (PWA), sophisticated WebAPKs and a heavy dose of social engineering in a multi-step approach that requires some naivety from the victim.
But it’s not just about stealing money. Many different services use NFC technology, such as access cards, transportation tickets and more. This can cause a lot of misery for victims.
Enter NGate
It all starts with a text message or an automated phone call to the victim, in which the scammers pretend to be the victim’s bank and urge them to install a malicious PWA or WebAPK, claiming that they are important updates. Since these apps don’t work the same way as classic apps, they don’t need the same permissions. Instead, they get the necessary access by abusing the browser’s API.
Once that part is done, the fraudsters call the victim, posing as a bank employee, and warn them of a security breach. The only way to keep their money safe, the scammers explain, is to download an app that verifies the debit card, and more importantly – the PIN.
The app is NGate, malware that can capture NFC data from payment cards placed close to the infected device and then send it to the attackers, either directly or via a proxy. This is done via an open-source component called NFCGate, a research project that enables capture, relay, replay, and cloning functions on the device.
Once the victim shares their PIN, the game is over. The crooks would use the data to clone the card on their smartphones and withdraw money from ATMs or make purchases at POS terminals.
Google said that Google Play Protect, Android’s default security tool, detects this malware.
“Based on our current detections, no apps containing this malware have been found on Google Play.
In general, Google does a good job of keeping its mobile app repository clean, and most fake and malicious apps are usually hosted elsewhere on the internet. Therefore, the best way to stay safe is to only download Android apps from trusted sources.
Via BleepingComputer