
🎯 Basically, a new piece of malware hides inside a fake payment app to steal people's card information.
What Happened
ESET researchers have discovered a new variant of the NGate malware family that abuses a legitimate Android application called HandyPay. This variant, possibly developed with AI assistance, lets attackers steal NFC data from victims' payment cards. The attackers modified the HandyPay app to include malicious code, enabling unauthorized ATM cash-outs and payments.
Who's Being Targeted
The ongoing campaign primarily targets Android users in Brazil. It has been active since November 2025, with attackers using social engineering tactics to distribute the trojanized app through fake lottery and Google Play websites.
How It Works
The NGate variant works by patching the HandyPay app, which is designed to relay NFC data, and adding code of its own. Once installed, the trojanized app can capture the victim's payment card PIN and send it to the attackers' command-and-control server. The malicious app has never been available on the official Google Play Store, which is why it matters where users download applications from.
Signs of Infection
Users may notice unusual activity on their payment cards or receive unexpected notifications related to transactions. If you have installed the HandyPay app from unofficial sources, you should be particularly vigilant.
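One way to check whether an app on a device came from somewhere other than the Play Store, as an added example that is not part of the original article: the script below parses the output format of `adb shell pm list packages -i` and flags every package whose installer is not com.android.vending (the Play Store's installer id on stock devices, an assumption stated in the code). The package names in the sample are constructed for the example, not real identifiers from the campaign.

```shell
#!/bin/sh
# Added example, not from the original article or from ESET.
# Flags Android packages not installed by the Google Play Store, working on
# lines in the format printed by `adb shell pm list packages -i`:
#   package:<name>  installer=<installer package or null>
# Assumption: com.android.vending is the Play Store installer id (true on stock devices).
PLAY_STORE_INSTALLER="com.android.vending"

# Read `pm list packages -i` lines from stdin; print "<pkg> installer=<id>"
# for each package whose installer is not the Play Store (sideloaded or unknown).
find_sideloaded() {
  while IFS= read -r line; do
    case "$line" in
      package:*) ;;          # only package lines are parsed
      *) continue ;;
    esac
    pkg=${line#package:}     # strip the "package:" prefix
    pkg=${pkg%%[[:space:]]*} # keep the package name up to the first blank
    installer=${line##*installer=}
    # no "installer=" field at all: treat as unknown, same as "null"
    [ "$installer" = "$line" ] && installer="null"
    if [ "$installer" != "$PLAY_STORE_INSTALLER" ]; then
      printf '%s installer=%s\n' "$pkg" "$installer"
    fi
  done
}

# Constructed sample output (not captured from a real device) in the
# `pm list packages -i` format; the app names here are placeholders.
SAMPLE='package:com.android.chrome  installer=com.android.vending
package:com.example.handypay  installer=null
package:com.example.lottery  installer=com.android.packageinstaller
package:com.google.android.gms  installer=com.android.vending'

main() {
  # On a real device replace the sample with: adb shell pm list packages -i
  printf '%s\n' "$SAMPLE" | find_sideloaded
}

main "$@"
```

A package installed via adb or from a downloaded APK typically shows installer=null or the system package installer; those are the entries worth reviewing.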
How to Protect Yourself
Detection
1. Avoid downloading apps from unofficial sources: only download applications from trusted platforms like the Google Play Store.
2. Enable Google Play Protect: make sure this feature is enabled on your Android device to help detect and block malicious apps.
Removal
3. Monitor your financial transactions: regularly check your bank statements for unauthorized transactions.
4. Report suspicious activity: if you suspect your information has been compromised, contact your bank immediately.
Conclusion
The emergence of this NGate malware variant highlights the increasing sophistication of cybercriminals, especially as they leverage AI tools to enhance their attacks. Users must remain vigilant and take proactive measures to protect their sensitive information from such threats.
🔒 Pro insight: The use of AI-generated code in malware development signifies a new era of cyber threats, lowering barriers for less skilled attackers.