A malicious application called NGate was recorded in several European countries at the end of 2023, but it is spreading around the world and threatens Russia. The threat posed by NGate was reported by the technical publication Bleeping Computer, citing a study by the antivirus and cybersecurity solutions developer ESET.
How the NGate Virus Works
The attack proceeds in two stages. The first stage begins with malicious text messages, automated calls with pre-recorded messages, or pop-up malicious advertisements disguised as urgent security updates and a copy of the bank's interface. A frightened user downloads a malicious WebAPK-type application from their browser directly to their smartphone, without going to mobile application stores.
In the second stage, fraudsters call the victim, posing as bank employees, and inform them of problems with their bank account. They then send an SMS message with a link to download NGate.
The fraudsters present NGate as an application for checking a bank payment card and PIN code. As soon as the victim scans the card with their smartphone and enters the PIN code, supposedly to check that everything is in order with the card and account, the PIN code is transmitted to the attackers.
Once installed on a smartphone, NGate activates the open-source project NFCGate, which was originally developed by university researchers for testing and experimenting with NFC. NFCGate supports capture, relay, replay, and cloning functions on the device.
NGate uses this tool to collect NFC data from payment cards in the immediate vicinity of the infected device and then transmit it to the attacker's device either directly or through a server. The attacker can save this data as a virtual card on their device and replay the signal at ATMs using NFC technology to withdraw cash, or make a payment at points of sale [via PoS terminals, editor's note].
In other words, an attacker using NFCGate can even scan and collect data from cards in the wallets and backpacks of people near the victim in the subway or a store, and even make payments from those cards.
NGate, as noted by ESET representatives, can be used not only for hacking bank cards and stealing funds. The virus helps to hack transport tickets, identification badges of large companies, membership cards, and other objects using NFC-based technologies.
Does NGate Threaten Russians
One of the most famous Russian "white" hackers, the general director of "Cyberpolygon," Luka Safonov, has already assessed the risks of NGate spreading in Russia. As he noted in an interview with the Russian business portal BFM.ru, modern Android smartphones are well protected from malicious impact. However, it is worth setting a PIN code to protect your card if it does not have one.
The question is that you usually keep your phone in your pocket with cards. Many also have a pocket for cards on the phone case. And if the phone recognizes an NFC device nearby, it reads it. If it is a card, it tries to read the data for sending to attackers. I don't think it's worth talking about an epidemic yet, because an epidemic implies a large number of infections, and therefore, a large publicity. In fact, it [the NGate virus] is more known among experts, virus analysts, and so on.
Safonov believes that these are "quite complex attacks", and he doubts that ordinary Russian users will encounter them. Such attacks require "quite expensive equipment, setup for this particular purpose, and so on, so here the risk is minimal."
Users are advised to use the official repository, especially since we have a fairly popular RuStore now. It is better to install programs through it, without using any third-party file sharing services, and so on, including even Google Play, the same social marketplace for applications. Even it, unfortunately, does not guarantee that you will not download a virus.
How to Protect Android from NFC Hacking
Cybersecurity experts give smartphone users several tips:
- if you do not use NFC actively, you can reduce the risk of hacking by disabling the NFC chip on your device. Go to "Settings", then to "Connected devices", to "Connection settings" and then to NFC, and set the switch to the "off" position;
- if you need to constantly activate NFC, carefully study the permissions for all applications on your smartphone, and leave access only for those applications that need it;
- install banking applications only from the official website of the bank, or from official mobile application stores;
- make sure that the application you are using is not a WebAPK. WebAPKs are usually very small in size, are installed directly from the browser page, are not displayed in the "/data/app" section, like standard Android applications, and contain unusually limited information in the "Settings" and "Applications" sections.
Also, do not forget about an antivirus solution for your smartphone.
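The permission and WebAPK checks from the tips above can be scripted. The following is an added example, not code from the original article or from ESET: it reads the output of `adb shell pm list packages -3 -i` and flags WebAPKs and apps installed outside a store, noting when such an app also requests NFC. The trusted-installer list, the sample packages and the permission map are constructed assumptions; `org.chromium.webapk.` is the package-name prefix of WebAPKs generated through Chrome.

```python
import re

# Installers treated as official stores; adjust to local policy (assumption).
TRUSTED_INSTALLERS = {"com.android.vending"}
# Package-name prefix of WebAPKs generated through Chrome.
WEBAPK_PREFIX = "org.chromium.webapk."
NFC_PERMISSION = "android.permission.NFC"
LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_pm_list(text):
    """Parse `pm list packages -3 -i` output into {package: installer or None}."""
    packages = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            name, installer = match.groups()
            packages[name] = None if installer == "null" else installer
    return packages

def audit(pm_text, permissions):
    """Return {package: [reasons]} for apps that deserve a manual look."""
    findings = {}
    for pkg, installer in parse_pm_list(pm_text).items():
        reasons = []
        if pkg.startswith(WEBAPK_PREFIX):
            reasons.append("webapk")
        if installer not in TRUSTED_INSTALLERS:
            reasons.append("not-from-store")
            if NFC_PERMISSION in permissions.get(pkg, ()):
                reasons.append("sideloaded-with-nfc")
        if reasons:
            findings[pkg] = reasons
    return findings

# Constructed sample data: package names and installers are invented.
SAMPLE_PM_OUTPUT = """\
package:com.examplebank.mobile  installer=com.android.vending
package:org.chromium.webapk.a1b2c3d4_v2  installer=com.android.vending
package:com.example.cardcheck  installer=null
package:com.example.notes  installer=com.android.chrome
"""
SAMPLE_PERMISSIONS = {  # constructed; requested permissions per package
    "com.examplebank.mobile": {NFC_PERMISSION},
    "com.example.cardcheck": {NFC_PERMISSION},
    "com.example.notes": set(),
}

if __name__ == "__main__":
    for pkg, reasons in audit(SAMPLE_PM_OUTPUT, SAMPLE_PERMISSIONS).items():
        print(pkg, ", ".join(reasons))
```

A flagged package is a prompt for manual review, not proof of infection: a banking app downloaded from the bank's own website would also appear as "not-from-store".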