Besides digitally draining your bank account, hackers can now steal your card details to make cash withdrawals right from an ATM.
The Polish Computer Emergency Response Team (CERT Polska) has discovered a new malware strain that targets Android devices in order to steal debit card details and PIN information which are then used by hackers to make ATM withdrawals.
According to the Malwarebytes Blog, the NGate malware uses both social engineering and NFC technology to exfiltrate banking data from a victim’s phone and then an accomplice drains their account. Surprisingly no one ever has to physically steal or touch a victim’s bank card to access their account.
You may like
NFC (near field communication) is a wireless technology that lets devices communicate when nearby and it’s used in smartphones, payment cards and terminals. When a mobile device is infected with the NGate malware, attackers can capture the NFC activity, forward the transaction data to devices at nearby ATMs and the stolen data is then used by an accomplice on a phone or smartwatch to take out cash. However, this sophisticated attack takes planning and requires multiple steps.
First the malware needs to be installed on the targeted device. For this, it’s usually planted via social engineering tricks like phishing emails or SMS messages with warnings about fake security or technical issues with a bank account. Sometimes these fake messages are followed up with a phone call to make them appear more legitimate; the caller will then ask potential victims to download a “banking app” to help fix the issue. The app is usually from a non-official source (not the Google Play Store), and will ask for unnecessary permissions and financial information.
How to stay safe from NGate malware
(Image credit: Tero Vesalainen / Shutterstock)
This malware is specific in that it requires multiple steps, so it can be easy to avoid if you can make sure to protect yourself from the layers of attack. First off, make sure to look out for social engineering tactics when dealing with strangers or those who claim to represent a bank or other business. Likewise, only download apps from the Google Play Store or trusted developers. Whatever you do, absolutely don’t download banking and financial apps from links sent to you through social media, texts or unknown sources.
You also want to make sure you don’t give out financial information to people you don’t know. Never click on links, download anything, or use QR codes from strangers too. If someone calls, emails or texts claiming to be from your financial institution and says there is a problem with your account, delete the email, hang up, or block the text sender and reach out to your provider through an independent manner – a phone number you find on your debit card or account statement is always a good idea.
At the same time, you can also protect your mobile devices just like your laptop or computer with antivirus software. We highly recommend the best Android antivirus apps as they can scan for malware, provide phishing protection and even turn off apps that might pose a security risk. However, if you already have a subscription to the best antivirus software for your computer, you may already have the option to secure your mobile devices through it, so check with your antivirus provider to see what kind of mobile protection it offers.
Hackers and cybercriminals keep coming up with new ways to con you out of your hard-earned cash which is why its pays (literally) to stay on top of the latest attack methods and threats. And once you do, make sure you share that knowledge with your family and friends too, so they can avoid falling victim to a dangerous attack like this one.
Follow Tom’s Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.
More from Tom’s Guide
Today’s best Bitdefender Mobile Security deals
