New Virus for Android Smartphones Steals Money via NFC Chip

NGate can be used to compromise not only bank cards, but also name badges and other objects that use NFC-based technologies

A malicious application called NGate was recorded in several European countries at the end of 2023, but it is spreading around the world and threatens Russia. The technical publication Bleeping Computer reported on the threat posed by NGate, citing a study by ESET, a developer of antivirus and cybersecurity solutions.

How the NGate Virus Works

The attack takes place in two stages. The first stage begins with malicious text messages, automated calls with pre-recorded messages, or malicious pop-up advertising disguised as urgent security updates and imitating the bank's interface. A frightened user downloads a malicious WebAPK-type application from the browser directly to their smartphone, bypassing mobile application stores.

In the second stage, fraudsters call the victim, posing as bank employees, and inform them of problems with their bank account. They then send an SMS message with a link to download NGate.

NGate is positioned by fraudsters as an application for checking bank payment cards and PIN codes. As soon as the victim scans the card with their smartphone and enters the PIN code to supposedly verify that everything is in order with the card and account, the PIN code is transmitted to the attackers.

Once installed on a smartphone, NGate activates NFCGate, an open-source project originally developed by university researchers for testing and experimenting with NFC. NFCGate supports capture, relay, replay, and cloning functions on the device.

NGate uses this tool to collect NFC data from payment cards in close proximity to the infected device and then transmit it to the attacker's device either directly or through a server. The attacker can save this data as a virtual card on their device and reproduce the signal at ATMs using NFC technology to withdraw cash, or make a payment at points of sale [via PoS terminals, editor's note].
Bleeping Computer

In other words, an attacker can even use NFCGate to scan and collect data from cards in the wallets and backpacks of people standing near the victim in the subway or a store, and even make payments from those cards.

As ESET representatives note, NGate can be used for more than compromising bank cards and stealing funds. The malware can also be used to compromise transport tickets, identification badges of large companies, membership cards, and other objects that use NFC-based technologies.

Does NGate Threaten Russians?

One of Russia's best-known "white hat" hackers, Luka Safonov, General Director of Cyberpolygon, has already assessed the risks of NGate spreading in Russia. As he noted in an interview with the Russian business portal BFM.ru, modern Android smartphones are sufficiently protected against malicious activity. However, it is worth setting a PIN code to protect your card if it does not have one.

The question is that you usually keep your phone in your pocket with your cards. Many people also have a pocket for cards on their phone case. And if the phone recognizes an NFC device nearby, it reads it. If it is a card, it tries to read the data for forwarding to attackers. I don't think it's worth talking about an epidemic yet, because an epidemic implies a large number of infections, and therefore, a lot of publicity. In fact, it [the NGate virus] is more known among experts, virus analysts, and so on.
Luka Safonov, General Director of Cyberpolygon

Safonov believes that these are "quite complex attacks", and he doubts that ordinary Russian users will encounter them. Such attacks require "quite expensive equipment, configuration for this particular purpose, and so on, so here the risk is minimal."

Users are advised to use the official repository, especially since RuStore is quite popular now. It is better to install programs through it, without using any third-party file sharing services, and so on, including even Google Play, the same social marketplace for applications. Even it, unfortunately, does not guarantee that you will not download a virus.
Luka Safonov, General Director of Cyberpolygon

How to Protect Android from NFC Hacking

Cybersecurity experts give smartphone users several tips:

  • if you do not actively use NFC, you can reduce the risk of hacking by disabling the NFC chip on your device. Go to "Settings", then to "Connected devices", to "Connection settings" and then to NFC, and set the switch to the "off" position;
  • if you need NFC switched on all the time, carefully review the permissions of all applications on your smartphone, and leave access only to those applications that need it;
  • install banking applications only from the official website of the bank, or from official mobile application stores;
  • make sure that the application you are using is not a WebAPK. WebAPKs are usually very small, are installed directly from a browser page, are not displayed in the "/data/app" section like standard Android applications, and show unusually limited information in the "Settings" and "Applications" sections.

Also, do not forget about an antivirus solution for your smartphone.
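
The permission and install-source checks from the tips above can be done over adb. The script below is an added example, not part of the original article or the ESET study. Its function names and installer allowlist are assumptions of the example, the sample input is constructed, and it relies on the "org.chromium.webapk." prefix that Chrome gives WebAPK packages.

```shell
# Added example: triage third-party Android apps over adb.
# Assumption: TRUSTED_INSTALLERS is this example's own allowlist; extend it
# with the package name of any other official store you rely on.
TRUSTED_INSTALLERS="com.android.vending"

# flag_packages: stdin is the output of `adb shell pm list packages -3 -i`.
# Prints "REVIEW <pkg> <reasons>" for WebAPKs and for apps whose installer
# is not on the allowlist (sideloaded or installed from a browser).
flag_packages() {
  tr -d '\r' |
  sed -n 's/^package:\([^[:space:]]*\)[[:space:]]*installer=\(.*\)$/\1 \2/p' |
  while read -r pkg installer; do
    reason=""
    case "$pkg" in org.chromium.webapk.*) reason="webapk" ;; esac
    case " $TRUSTED_INSTALLERS " in
      *" $installer "*) ;;
      *) reason="${reason:+$reason,}installer=$installer" ;;
    esac
    if [ -n "$reason" ]; then echo "REVIEW $pkg $reason"; fi
  done
}

# requests_nfc: stdin is the output of `adb shell dumpsys package <pkg>`.
# Matches only a bare android.permission.NFC line, so look-alikes such as
# android.permission.NFC_TRANSACTION_EVENT do not count.
requests_nfc() {
  tr -d '\r' | grep -Eq '^[[:space:]]*android\.permission\.NFC[[:space:]]*$'
}

# audit_device: live run; needs adb and a connected device, so it is only
# defined here. </dev/null stops adb from swallowing the loop's input.
audit_device() {
  adb shell pm list packages -3 -i | flag_packages |
  while read -r tag pkg reason; do
    if adb shell dumpsys package "$pkg" </dev/null | requests_nfc; then
      echo "HIGH $pkg $reason requests-NFC"
    else
      echo "LOW $pkg $reason"
    fi
  done
}

# Constructed sample input (not captured from a real device).
SAMPLE_LIST='package:com.example.bank  installer=com.android.vending
package:org.chromium.webapk.a1b2c3  installer=null
package:com.example.cardcheck  installer=com.google.android.packageinstaller'
SAMPLE_DUMP='    requested permissions:
      android.permission.INTERNET
      android.permission.NFC'
printf '%s\n' "$SAMPLE_LIST" | flag_packages
```

Call audit_device with a phone connected over USB debugging. Packages reported as HIGH are the ones to check first against the list of applications that actually need NFC.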
