A new variant of the NGate malware is targeting Android users by hiding inside a trojanized version of the HandyPay NFC payment app and using NFC to steal payment card information. ESET researchers have identified its distribution methods, which include fake apps and lottery scams, and advise users to avoid downloading APKs from untrusted sources and to disable NFC when it is not needed.
The NGate Android malware's shift to using the HandyPay NFC app to steal card data shows why mobile apps need to be monitored for trojanized versions that could be used for data exfiltration. Cybersecurity teams should focus on mobile threat intelligence and ensure robust endpoint security measures are in place, particularly for Android devices in high-risk regions such as Brazil.