In Russia, at least 114,000 Android devices have been found to carry malicious software built on the legitimate NFCGate application. This software can intercept bank card data through the phone's NFC module and transmit it onward. This was reported by F6, a developer of cybercrime prevention technologies.
The malicious NFCGate-based software disguises itself as applications for banks, government services, mobile operators, popular antiviruses, video communication programs, and contactless payments. If effective measures are not taken to combat the new fraud scheme, the number of attacks on Russian bank customers will increase.
Fraudsters were first seen in August using NFCGate, a program that allows data exchange between two smartphones. The goal of the cybercriminals is to obtain the NFC tag and PIN code of the user's bank card. According to analysts, the activity of fraudsters using NFCGate has increased significantly recently.
From mid-December to mid-January, experts discovered at least 400 confirmed attacks on customers of major Russian banks. The average amount of write-offs was approximately 100 thousand rubles.
According to F6, the number of recorded attacks increased by 80% in a month. The average amount of damage doubled to 200 thousand rubles, and the total damage more than tripled, reaching about 150 million rubles.
F6 found that attackers use two methods to trick the victim into installing a malicious application on their phone. The first is persuasion: the fraudster contacts the potential victim via messengers, posing as a bank employee. He offers more favorable terms of cooperation and then sends a link to a phishing page. On this page, the victim is asked to enter personal data to log in to their personal account and to install a dangerous mobile application.
The second involves the use of remote access Trojans, such as CraxRAT. These Trojans usually get onto smartphones via messengers in the form of APK files that pretend to be updates to popular applications. They can also masquerade as antiviruses and as applications for government services and telecom operators.