In Russia, at least 114,000 Android devices have been identified with malicious software installed, created on the basis of the legal application NFCGate. This software is capable of intercepting and transmitting bank card data via NFC modules. This was reported by F6, a developer of technologies for combating cybercrime.
NFCGate masquerades as applications of banks, government services, mobile operators, popular antiviruses, video communication programs, and contactless payments. If effective measures are not taken to combat the new fraud scheme, the number of attacks on Russian bank customers will increase.
It was first noticed in August that fraudsters were using NFCGate, a program that allows data exchange between two smartphones. The goal of cybercriminals is to obtain the NFC tag and PIN code of the user's bank card. According to analysts, the activity of fraudsters using NFCGate has increased significantly recently.
From mid-December to mid-January, experts discovered at least 400 confirmed attacks on clients of major Russian banks. The average write-off amount was approximately 100 thousand rubles.
According to F6, the number of recorded attacks increased by 80% in a month. The average amount of damage doubled to 200 thousand rubles, and the total damage more than tripled, reaching about 150 million rubles.
F6 found out that attackers use two methods to trick the victim into installing a malicious application on their phone. The first is persuasion: the fraudster contacts the potential victim through messengers, posing as a bank employee. He offers more favorable terms of cooperation, and then sends a link to a phishing page. On this page, the victim is asked to enter personal data to log in to their personal account and install a dangerous mobile application.
The second involves the use of remote access Trojans, such as CraxRAT. These viruses usually get onto smartphones via messengers in the form of APK files that pretend to be updates to popular applications. They can also masquerade as fake antiviruses, applications of government services and telecom operators.
Read more on the topic:
It became known who is most often deceived by financial fraudsters
Fraudsters call Russians posing as technical support: how to protect your data
