Security researchers have uncovered a dangerous new Android malware called NGate, which enables criminals to steal one-time NFC payment codes and withdraw cash from ATMs without using a victim’s physical card. Developed by Polish cybersecurity experts, NGate intercepts the sensitive data generated during NFC transactions, which includes the card’s PIN and fresh, legitimate authentication codes. These codes, typically used for secure contactless payments, allow attackers to bypass standard security measures and perform real-time cash withdrawals at ATMs.
The malware spreads through phishing campaigns that trick victims into downloading a fake banking app from non-official sources. Once installed, the app prompts users to complete fake verification steps, granting it access to monitor NFC activity. During these interactions, the malware captures one-time authentication codes generated by modern Visa and Mastercard chip readers. These codes are then sent to an attacker’s server, where they are used by accomplices to execute cash withdrawals using card-emulating devices.
Cybersecurity experts warn that this threat represents a significant evolution in financial cybercrime. Unlike traditional card-skimming schemes, NGate exploits the secure NFC infrastructure used by modern payment systems. The malware doesn’t interfere with the hardware itself; instead, it exploits human behavior and the convenience of digital payments to steal critical authentication data. Experts emphasize that the best defense is maintaining strong digital hygiene, such as avoiding app downloads from unofficial sources and using security protections like antivirus software, two-factor authentication, and password managers. Regularly updating apps and operating systems also minimizes the risk of falling victim to cybercriminal tactics like NGate.