Researchers say the NGate malware is a sophisticated tool for cybercriminals, allowing them to siphon cash from ATMs without the victim’s card. Once an infected phone captures the data, an accomplice near an ATM can use the information to execute a withdrawal. The malware’s ability to capture fresh, one-time authentication codes makes it particularly dangerous, as it bypasses traditional security measures. This method is highly effective because the malware waits until the victim completes a transaction on their phone, at which point it gathers all necessary data for the ATM to authorize the withdrawal.
Attackers often use phishing messages to trick users into installing fake banking apps. These apps are usually distributed through non-official sources, increasing the chances of infection. Once installed, the app tricks the victim into granting permissions that allow the malware to read NFC activity. This data is then transmitted to the attackers’ server, where it is used to perform the withdrawal. The speed at which the data is transferred and the use of the stolen one-time codes make this attack particularly hard to detect and reverse once the withdrawal is complete.
Security experts warn that users should be cautious about downloading apps from outside the official Android Play Store, as these are often the vectors through which malware like NGate spreads. Google’s built-in security features, such as Play Protect, aim to scan and remove harmful apps. However, these tools are not 100% foolproof, and users must remain vigilant. Experts recommend using strong antivirus software and enabling two-factor authentication for their banking accounts to add an extra layer of protection against such threats.
Additionally, users should avoid responding to unsolicited messages that claim there is a problem with their bank account. These messages are often used to pressure users into acting quickly and installing malicious apps. Instead, users should contact their bank through official channels to verify the legitimacy of any suspicious communications. Maintaining good digital hygiene, such as uninstalling unused apps and checking app permissions, can also significantly reduce the risk of becoming a victim of such attacks. The incident highlights the growing sophistication of cybercriminal tactics and the importance of proactive measures in protecting financial data and assets.
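The permission check recommended above can be partly automated for a device you manage. The following is an added example, not code from the researchers or from this article: it flags apps that were not installed by the official store and that request NFC access. It assumes the installer list comes from `adb shell pm list packages -3 -i`, that Google Play (`com.android.vending`) is the only trusted installer, and that each app's requested permissions have already been collected (for instance from `dumpsys package`); all package names and sample data are constructed.

```python
import re

# Assumption: only Google Play counts as an official installer.
TRUSTED_INSTALLERS = {"com.android.vending"}
NFC_PERMISSION = "android.permission.NFC"
# Line shape printed by `pm list packages -i`.
LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -3 -i` text."""
    installers = {}
    for line in pm_output.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            installers[match.group(1)] = match.group(2)
    return installers


def flag_sideloaded_nfc(pm_output, requested_perms):
    """Return packages not installed by a trusted store that request NFC."""
    flagged = []
    for pkg, installer in parse_installers(pm_output).items():
        if installer in TRUSTED_INSTALLERS:
            continue  # installed through the official store
        if NFC_PERMISSION in requested_perms.get(pkg, ()):
            flagged.append(pkg)
    return sorted(flagged)


# Constructed sample: third-party packages only (-3), so preinstalled
# system apps with no recorded installer are not listed.
SAMPLE_PM_OUTPUT = """\
package:com.example.wallet  installer=com.android.vending
package:com.example.bankhelper  installer=null
package:com.example.notes  installer=com.google.android.packageinstaller
package:com.example.transit  installer=com.android.vending
"""

# Constructed sample: permissions each package requests.
SAMPLE_PERMS = {
    "com.example.wallet": {"android.permission.NFC", "android.permission.INTERNET"},
    "com.example.bankhelper": {"android.permission.NFC", "android.permission.INTERNET"},
    "com.example.notes": {"android.permission.INTERNET"},
    "com.example.transit": {"android.permission.NFC"},
}

if __name__ == "__main__":
    for pkg in flag_sideloaded_nfc(SAMPLE_PM_OUTPUT, SAMPLE_PERMS):
        print("review:", pkg)
```

A flagged package is a prompt for manual review, not proof of infection: legitimate sideloaded apps can also request NFC.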