Fake NGate software targets Android users in Czech Republic scam

Oskar Ziomek

27 August 2024 18:38

Fake NGate software on Android is another threat fraudsters can exploit to steal money from accounts. As noted by researchers at ESET, it has been used in the Czech Republic as part of a fake SMS campaign sent to random users.

The attack begins with a fabricated SMS message in which the attacker suggests checking details regarding a tax return. In practice, victims download an infected Android application, believing it to be related to their banking service.

The program is infected with NGate software, which is capable of stealing payment card data and transmitting it using the NFC module for near-field communication. ESET reports that it had not previously recorded such use of the NFC module, making this the first known instance.

Fraudsters who obtain card data in this way immediately try to use it at cash machines by attempting withdrawals. When this is impossible, their fallback plan is to hack the victim’s bank account and transfer the funds to their own account.

Researchers emphasize that fake NGate software did not reach the Google Play store. This means victims who downloaded fake applications committed several basic security errors, leading to the infection. Firstly, they responded to a fabricated SMS message (most likely with a shortened link, which should generally not be clicked). Secondly, they downloaded the application from outside the official app store for the platform.

The fact that the wave of NGate fraud was carried out in the Czech Republic does not mean that similar action will not soon occur in other countries. Experience shows that fraudsters who succeed in given conditions eagerly expand their activities to neighbouring countries. NGate can just as quickly be used by another group of attackers, so attempts to deceive Polish banking customers in this way in the future cannot be excluded.