New NGate Android malware variant uses NFC app to steal card data

📅 21 April 2026 at 09:01 UTC📰 Cyber InsiderView original source ↗

A newly discovered variant of the NGate Android malware is abusing a legitimate NFC payment app to steal victims’ card data and PINs, enabling attackers to perform contactless withdrawals and payments. According to ESET researchers, who detailed their findings in a report shared with CyberInsider, the updated NGate variant replaces the previously abused NFCGate tool … The post New NGate Android malware variant uses NFC app to steal card data appeared first on CyberInsider.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A new variant of NGate Android malware is abusing a legitimate NFC payment app, HandyPay, to steal card data and PINs, enabling attackers to perform contactless withdrawals and payments. The malicious campaign appears to be financially motivated.

⚙️Technical Details

Affected Systems

Android devices

Attack Vectors

Fake lottery website impersonating 'Rio de Prêmios'Counterfeit Google Play page promoting a bogus 'card protection' appInstalling apps from unknown sources and setting the app as default payment service

💥Impact Assessment

Severity: high

Who Is at Risk

Android device users who install malicious HandyPay appVictims of phishing attacks or SMS links promoting fake appsSeverity: high

🛡️Recommended Actions

1Avoid installing apps from unofficial sources or links received via SMS or messaging apps

2Never enter payment card PINs into mobile applications unless absolutely certain in their legitimacy

3Keep NFC disabled when not in use and activate Google Play Protect to detect and block known threats like NGate

📦Affected Products

HandyPay Android app

Read the full article

This is a curated summary. The complete article is available at Cyber Insider.

Read on Cyber Insider ↗

← Back to feed