NGate Android malware uses HandyPay NFC app to steal card data

A new variant of the NGate malware that steals NFC payment data is targeting Android users by hiding in a trojanized version of HandyPay, a legitimate mobile payments processing tool.

BleepingComputer

New NGate Android malware hides in trojanized NFC payment app

More: https://maniabel.work/archiv/1482

#Android #HandyPay #Kartenzahlung #Malware #NFC #NGate-Malware #Trojaner #Sideloading #up2date #infosec

Punto Informatico: NGate: Payment data theft with app and AI

The new NGate variant exploits a modified version of the HandyPay app to install malware that allows for cloning of payment cards.

#NGate #HandyPay

https://www.punto-informatico.it/ngate-furto-dati-pagamento-app-ai/


NGate Malware Targets Brazil, Trojanizes HandyPay for NFC Data Theft

Security researchers have uncovered a sneaky new Android malware, NGate, that has been hiding in plain sight by infecting a legitimate app called HandyPay, used for NFC data relay, and using AI-generated code to steal payment credentials. This cleverly crafted malware has set its sights on Brazil, putting unsuspecting users at…

https://osintsights.com/ngate-malware-targets-brazil-trojanizes-handypay-for-nfc-data-theft?utm_source=mastodon&utm_medium=social

#NgateMalware #Handypay #NfcDataTheft #AigeneratedMalware #AndroidMalware

OSINTSights

NGate Malware Exploits HandyPay App to Steal Android NFC Payment Data

Malicious NGate malware has been discovered hiding inside a fake version of the HandyPay app, putting Android users' NFC payment data at risk. This sneaky malware exploits a trusted payments tool to steal sensitive information, leaving users vulnerable to financial theft.

https://osintsights.com/ngate-malware-exploits-handypay-app-to-steal-android-nfc-payment-data?utm_source=mastodon&utm_medium=social

#NgateMalware #Android #NfcPaymentData #Handypay #MobilePayments

OSINTSights

#ESETresearch discovered a new #NGate malware variant that abuses the legitimate #HandyPay app, which has been patched with possibly AI-generated malicious code. The campaign is ongoing and targets Android users in Brazil. https://www.welivesecurity.com/en/eset-research/new-ngate-variant-hides-in-a-trojanized-nfc-payment-app/ @lukasstefanko

HandyPay is an Android app that enables relaying #NFC data from one device to another. Using the trojanized version, attackers can transfer the victim's payment card data to their own device and use it for unauthorized payments. The code can also capture payment card PINs.

Since HandyPay is significantly cheaper compared to paying for established #MaaS offerings with similar NFC relay functionality, the threat actors most probably decided on trojanizing the app as a cost-cutting measure.

We found two NGate samples being used in the campaign: one distributed via a website impersonating a 🇧🇷 lottery, the other via a fake Google Play page for a supposed card protection app. The trojanized HandyPay has never been available on the official Google Play store.

The code inside the maliciously patched HandyPay appears to have been developed with the assistance of #AI, as the logs contain emoji that are typical of AI-generated text, although definitive proof remains elusive.

IoCs are available in our GitHub repo: https://github.com/eset/malware-ioc/tree/master/ngate