

Ethical Hacking News

NGate Android Malware Exploits HandyPay NFC App to Steal Payment Card Data




NGate, a malware variant that was originally documented in mid-2024, has been found to be using the HandyPay NFC app on Android devices to steal payment card data. This new development highlights the ongoing threat of mobile malware and the importance of users taking steps to protect themselves against such attacks.

  • NGate, a malware variant, is using the HandyPay NFC app on Android devices to steal payment card data.
  • The malware primarily targets Android devices in Brazil, spreading through fake app downloads and lottery websites.
  • The app prompts users to set it as the default NFC payment app, requests their card PIN, and asks them to tap their card for reading.
  • The collected information is sent to an attacker's hardcoded email address within the app.
  • Device owners are advised to take steps to protect themselves against mobile malware, such as staying updated with security patches and using Play Protect.



    NGate was discovered in 2024 as a malware variant that specifically targets Android devices. It was designed to steal payment card information through the mobile device's near-field communication (NFC) chip. The stolen data is sent to an attacker, who can create virtual cards and use them for unauthorized purchases or withdrawals from ATMs with NFC support.

    Since its discovery, NGate has undergone several updates and iterations, including a new variant that uses the HandyPay app to steal payment card information. According to researchers at ESET, this latest variant of NGate contains malicious code that has been injected into the HandyPay app, which then uses an open-source tool called NFCGate to capture, relay, and replay the payment card information.

    The reason behind the transition from NFCGate to HandyPay is likely financial in nature, as both tools are designed for NFC-based data transmission between devices. However, ESET suggests that evasion may also play a role in this decision, particularly given the high cost of NFU Pay and TX-NFC, two NFC relaying tools that are considered "noisy" on infected devices. These costs can range from around $400 to $500 per month.

    The latest NGate variant primarily targets Android devices in Brazil and spreads through a combination of fake app downloads and lottery websites. Once installed, the app prompts users to set it as the default NFC payment app, requests their card PIN, and asks them to tap their card on the phone for reading.

    All the information collected through these means is then delivered to an attacker's email address that is hardcoded into the app. This highlights the importance of Android users taking steps to protect themselves against such attacks, including never downloading APKs from outside Google Play unless they explicitly trust the publisher, disabling NFC if not needed, and scanning for threats with Play Protect.
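
    The two conditions described above (an app installed from outside Google Play that has been made the default NFC payment app) can be audited from a workstation over adb. The following is an added example, not code from this article or from ESET; it assumes the device exposes the `nfc_payment_default_component` secure setting, and every package name in it is constructed.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Constructed sample of `adb shell pm list packages -i` output.
SAMPLE_PM_I = """\
package:com.example.bankwallet  installer=com.android.vending
package:com.example.oemwallet  installer=null
package:com.example.cardreader  installer=com.google.android.packageinstaller
"""
# Constructed sample of `adb shell pm list packages -s` (preinstalled apps).
SAMPLE_PM_S = "package:com.example.oemwallet\n"

def parse_installers(pm_i_output):
    """Map package name -> installer from `pm list packages -i` output."""
    found = {}
    for line in pm_i_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    return found

def parse_system(pm_s_output):
    """Set of preinstalled package names from `pm list packages -s` output."""
    return {l.strip()[len("package:"):] for l in pm_s_output.splitlines()
            if l.strip().startswith("package:")}

def audit_default_payment_app(component, pm_i_output, pm_s_output=""):
    """Return (package, installer, verdict) for the default NFC payment app.

    component is the value of
    `adb shell settings get secure nfc_payment_default_component`,
    formatted as "package/service.class".
    """
    component = (component or "").strip()
    if component in ("", "null"):
        return (None, None, "no-default")
    package = component.split("/", 1)[0]
    installers = parse_installers(pm_i_output)
    if package not in installers:
        return (package, None, "unknown-package")
    installer = installers[package]
    if installer == PLAY_STORE or package in parse_system(pm_s_output):
        return (package, installer, "ok")
    return (package, installer, "review")  # sideloaded default payment app

if __name__ == "__main__":
    print(audit_default_payment_app(
        "com.example.cardreader/.HceService", SAMPLE_PM_I, SAMPLE_PM_S))
```

    A "review" verdict means the default payment handler was neither installed by Google Play nor preinstalled, which is the state this campaign asks the victim to create.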

    Furthermore, this new development underscores the ongoing threat of mobile malware and the need for continued vigilance on the part of device owners. It also highlights the importance of staying up-to-date with the latest security patches and updates to ensure that devices are protected against such attacks.

    In conclusion, the use of the HandyPay NFC app by the NGate Android malware is a concerning development that highlights the ongoing threat of mobile malware. By taking steps to protect themselves against such attacks and staying informed about the latest security developments, device owners can reduce their risk of falling victim to these types of cyberattacks.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/NGate-Android-Malware-Exploits-HandyPay-NFC-App-to-Steal-Payment-Card-Data-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/ngate-android-malware-uses-handypay-nfc-app-to-steal-card-data/

  • https://cyberinsider.com/new-ngate-android-malware-variant-uses-nfc-app-to-steal-card-data/

  • https://www.welivesecurity.com/en/eset-research/new-ngate-variant-hides-in-a-trojanized-nfc-payment-app/


  • Published: Tue Apr 21 04:37:57 2026 by llama3.2 3B Q4_K_M












