Attackers have improved the scheme of stealing information from bank cards using the NFCGate malware. They create a fake copy of the card that allows making purchases at terminals with NFC technology, VTB reported.
NFCGate is a technology that allows tracking and analyzing NFC traffic, as well as exchanging data between two smartphones on which it is installed. In January 2025, it became known that fraudsters used this technology to steal 40 million rubles from Russian users.
According to experts, attackers have improved their method: instead of creating a virtual copy of the card, they offer the victim to transfer funds to a "protected account," which is actually an NFC clone. This allows criminals to leave no digital traces.
The process consists of several steps: criminals call the victim, posing as employees of a mobile operator, bank, or large company. They use various tricks to convince the person to install a spyware program on their phone.
Then, fraudsters ask to transfer money to a "safe account," for example, through an ATM. When the victim brings the phone to the terminal, funds are credited to the card that belongs to the fraudster. After that, the criminal transfers the money to their accounts in different banks.
The new scheme is dangerous because it makes it difficult for anti-fraud systems to identify such payments, as technologically they are no different from ordinary operations of crediting money to an account.
Experts from F6 warned that to protect themselves from such fraudulent activities, one should avoid installing applications received via links from messengers, SMS, or email newsletters.
It is recommended to use official app stores such as RuStore and Google Play to install applications. It is important to remember that you should not provide CVV and PIN codes of bank cards to third parties, and also enter this data on unknown sites or in applications.
If you are offered to install or update a bank application and are sent a link, call the hotline indicated on the back of the bank card and check whether the offer you received really comes from the bank. If you understand that your bank card has been compromised, immediately block it by calling the bank's hotline or using the banking application.
Earlier, the Ministry of Internal Affairs of Russia reported that attackers began using video communication technology to obtain biometric data, such as voice and facial image, in order to subsequently steal funds from bank accounts.
Read materials on the topic:
CB: Fraudsters began to use virtual images of bank cards of their victims
Fraudsters have learned to track Russians through toothbrushes and temperature sensors
A service for checking registered SIM cards will appear on "Gosuslugi"