
A NEW strain of malware is ripping through Android devices and cloning people's bank cards, letting hackers go on spending sprees with cash that isn't theirs.

The hacking campaign, which was first detected in November last year, even lets threat actors silently withdraw money from ATMs.

Cyber crooks trick an Android user with a fake message about their banking app being outdated, urging them to install the latest version for security reasons. Credit: Getty
Crooks use official bank app logos - and feature a legitimate-appearing login screen - to fool innocent victims into handing over their bank details. Credit: Getty

The new malware, called NGate, can steal the information from payment cards and imitate them to make unauthorised payments.

Cyber researchers at ESET, who have published a new report on the malware, said it has been running rampant in Czechia.

It's possible the campaign could creep outside of the country.

Android owners can protect themselves, however.


All they need to do is be wary of any suspicious texts, automated calls, pre-recorded messages or malvertising.

It's these four avenues that hackers take to gain access to banking information in NGate attacks.

Cyber crooks trick an Android user with a fake message about their banking app being outdated, urging them to install the latest version for security reasons.

They then send a link to download the malware that will allow hackers to clone the victims' bank cards.

Malvertisements - or, malicious adverts - often appear on social media, and can be used by hackers to lure victims into installing a supposedly critical app update.


The app updates are fake, and are actually progressive web apps (PWAs) used to disguise the NGate malware.

PWAs are a sophisticated phishing technique that mimics apps and browser windows with convincing web addresses to steal information.

They use official bank app logos - and feature a legitimate-appearing login screen - to fool innocent victims into handing over their bank details.

PWAs can even fool Google and Apple to bypass installation restrictions for apps outside the official stores.

Distinguishing fake PWAs from legitimate apps is nearly impossible.

How to spot a dodgy app

Detecting a malicious app before you hit the 'Download' button is easy when you know the signs.

Follow this eight-point checklist when you're downloading an app you're unsure about:

  1. Check the reviews - be wary of both complaints and uniformly positive reviews by fake accounts.
  2. Look out for grammar mistakes - legitimate app developers won't have typos or errors in their app descriptions.
  3. Check the number of downloads - avoid apps with only several thousand downloads, as they could be fake.
  4. Research the developer - do they have a good reputation? Or are they totally fake?
  5. Check the release date - a recent release date paired with a high number of downloads is usually bad news.
  6. Review the permission agreement - this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary.
  7. Check the update frequency - an app that is updated too frequently is usually indicative of security vulnerabilities.
  8. Check the icon - look closely, and don’t be deceived by distorted, lower-quality versions of the icons from legitimate apps.

All of this information will be available in both Apple's App Store and the Google Play Store.
