Switching from pin and chip cards to contactless cards seemed like the perfect way to keep oneself safe from credit card skimming However, new Android malware is exploiting the same technology used in tap-and-pay to steal payment data from unsuspecting victims

As reported by The Hacker News, the malware in question, dubbed NGate by security researchers at ESET, steals NFC data to clone contactless credit and debit cards on hackers' smartphones This cloned payment card can then be placed in the smartphone and used to withdraw funds from the victim's bank account at an ATM

Here is what you need to know about this new Android malware and how to protect yourself from hackers

The NGate malware is based on a legitimate tool called NFCGate, originally created by students at TU Darmstadt's Secure Mobile Networking Lab in 2015 Since then, however, the technology used in this tool has been weaponized by hackers

According to a new ESET report, the attackers behind this recent NGate campaign use a combination of social engineering and SMS phishing to trick unsuspecting Android users into installing malware directly This is done through fake sites that impersonate real banks or mobile apps on the Google Play store

Between November of last year and March of this year, as many as six different malicious apps spreading NGate malware were identified However, malicious activity slowed down significantly after a 22-year-old youth was arrested by law enforcement in the Czech Republic after he was found using a stolen card to withdraw funds from an ATM

Once one of the malicious apps used to distribute the NGate malware was installed on the victim's smartphone, through a phishing page displayed in WebView, the victim was asked to enter sensitive financial information such as bank transaction ID, date of birth, and bank card PIN code The victim is then asked to enter confidential financial information such as bank transaction ID, date of birth, and bank card PIN code Additionally, they are asked to turn on NFC on their smartphone and instructed to hold their debit or credit card over NFC until the malicious app recognizes the card

To make matters worse, the victim receives a phone call from an attacker pretending to be a bank employee, informing them that their account has been compromised because they installed the malicious app in question From there, the victim is asked to change their PIN and authenticate their card using another NGate app

Currently, the NGate malware is only used by hackers to target owners of the best Android phones in the Czech Republic However, like other online threats, this malware could easily spread to other countries around the world, including the United States, the United Kingdom, Canada, and Australia Therefore, one should be very careful with such complex malware attacks

To avoid infection with the “NGate” malware, ESET recommends that Android users download apps only from official app stores such as the Google Play Store, Samsung Galaxy Store, Amazon Appstore ESET recommends that Android users download apps only from official app stores such as Google Play Store, Samsung Galaxy Store, Amazon Appstore, etc Also, carefully scrutinize the URLs of websites you visit and avoid clicking on links in emails or messages from unknown senders

Since this attack exploits NFC to steal bank and credit cards, you may want to consider turning this feature off when not in active use It may also be worth investing in a cell phone case that blocks unwanted RFID scans This could prevent hackers from using NFC to steal your payment cards You may also want to consider using digital versions of physical cards on your phone These digital versions can be stored securely on the device and can be kept even more secure using biometrics such as fingerprints or face scans

Since we are dealing with malware, you also want to make sure that Google Play Protect is enabled on your device But for further protection, you should also consider using one of the best Android antivirus apps with it

In an email to Tom's Guide, a Google spokesperson provided further insight into this new Android malware threat, stating: 'At this time, we have not discovered any apps on Google Play that contain this malware Known versions of this malware are automatically protected for Android users by Google Play Protect, which is enabled by default on Android devices that use the Google Play service Google Play Protect can warn or block users against apps that are known to behave maliciously

Hackers are always coming up with clever new ways to steal your hard-earned money, and the NGate malware is a perfect example However, if you take the necessary precautions and are careful online, you should have no problem falling victim to this new threat