New Android malware enables real-time ATM withdrawals using your phone

Smartphone banking has made life easier, but it has also opened new opportunities for cybercriminals.
Over the past few years, we’ve seen Android malware steal passwords, intercept OTPs, and even take remote control of phones to drain accounts. Some scams focus on fake banking apps, while others rely on phishing messages that trick you into entering sensitive details.
Security researchers have now discovered a new threat that goes one step further. Instead of simply stealing login information, this malware gives thieves the ability to go to the ATM and withdraw your money in real time.
Android malware like NGate tricks users into downloading fake banking apps that steal sensitive data. (Kurt “CyberGuy” Knutsson)
How does NGate malware work?
The Polish Computer Emergency Response Team (CERT Polska) has discovered a new Android malware called NGate that uses NFC activity to access the victim’s bank account. This malware monitors contactless payment transactions on the victim’s phone and transmits all transaction data, including the PIN, directly to a server controlled by the attackers. It doesn’t just copy card details. Instead, it waits until the victim taps to pay or performs an authentication step, then captures the new, one-time authentication codes that modern Visa and Mastercard chips generate.
To achieve this, attackers must first infect the phone. They often send phishing messages claiming there is a security issue with the victim’s bank account. These messages push people to download a fake banking app from an unofficial source. Once the victim installs the app, it guides them through fake verification prompts and asks for permissions that allow it to read NFC activity. Once the victim taps their phone or enters their PIN code, the malware captures everything the ATM needs to verify the withdrawal.

Once installed, the malware captures NFC tap-to-pay codes and PINs as soon as the victim uses their phone. (Kurt “CyberGuy” Knutsson)
What do attackers do with stolen data at an ATM?
Attackers rely on speed. Single-use codes generated during the NFC transaction are only valid for a short period of time. As soon as the infected phone captures the data, the information is uploaded to the attacker’s server. An accomplice waits near the ATM, holding a device that can emulate a contactless card. This could be another phone, a smartwatch, or special NFC hardware.
Once the data arrives, the accomplice presents the card-emulating device to the ATM. The machine treats it like a real card because the information includes new, valid authentication codes and the correct PIN. The ATM allows the withdrawal because everything seems to match a legitimate transaction. All of this happens without the criminal having to touch the victim’s physical card. It all comes down to timing, planning, and ensuring the victim completes the transaction on their phone without knowing what is happening.

Criminals use stolen, limited-time codes at the ATM to make real withdrawals without the victim’s card. (Kurt “CyberGuy” Knutsson)
7 steps you can take to protect yourself from Android NGate malware
As attacks like NGate become more sophisticated, staying safe comes down to a mix of good digital habits and a few simple tools that protect your phone and financial data.
1) Download apps only from Play Store
Most malicious banking apps spread through direct links sent via text or email. These links lead to APK files hosted on random servers. You only benefit from Google’s built-in security controls when you install apps from the Play Store. Google Play Protect regularly scans apps for malware and removes harmful ones from your device. However, it is important to remember that Google Play Protect may not be sufficient. Historically, it has not been 100% foolproof at removing all known malware from Android devices. Avoid installing anything from outside the official store, even if attackers send convincing messages. If your bank asks you to update an app, you can always find it on the Play Store.
2) Use strong antivirus software
Carelessly tapping a fake bank alert could give criminals everything they need. Strong antivirus software can stop most threats before they cause damage. It scans new downloads, blocks unsafe connections, and alerts you when an app behaves in a way that could expose your financial data. Many threats, such as NGate, rely on fake banking applications; therefore, having real-time scanning turned on gives you an early warning if something suspicious tries to install itself.
Get my picks for the 2025 best antivirus protection winners for your Windows, Mac, Android, and iOS devices at: cyberguy.com.
3) Keep your device and apps updated
Security patches fix vulnerabilities that attackers use to hijack permissions settings or read sensitive data. The updates also improve how Android tracks NFC and payment activity. Turn on automatic updates for both the operating system and apps, especially banking and payment apps. A fully updated device closes most of the vulnerabilities that malware tries to exploit.
4) Use a password manager to avoid phishing traps
Phishing attacks often redirect you to fake websites or fake app landing pages that look identical to the real thing. A password manager saves your credentials and fills them in only when the website or app is genuine. If it refuses to autofill, this is a clear sign that you are on a fake page. Consider using a password manager to create and store complex passwords.
Next, see if your email has been subject to past breaches. Our #1 password manager pick includes a built-in breach scanner that checks to see if your email address or passwords appear in known leaks. If you find a match, immediately replace reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at: cyberguy.com.
5) Turn on two-factor authentication for all financial services
Two-factor authentication gives you a second layer of protection even if your password is compromised. App-based authenticators are more secure than SMS codes because they cannot be easily intercepted. Enabling 2FA in banking applications creates trouble for attackers trying to perform unauthorized actions. Combined with strong passwords from a password manager, it significantly reduces the chances of account takeover.
6) Ignore suspicious texts, emails and calls
Attackers rely on immediacy to trick you. They often claim that your card has been blocked, your account has been frozen, or a payment needs to be verified. These messages urge you to act quickly and install a fake app. Always pause and check your bank’s official channels. Contact the bank through verified customer service numbers or the official app. Never click on links or open attachments in unsolicited messages, even if they appear legitimate.
7) Review app permissions
Most people install apps and forget about them. Applications that are not used over time accumulate unnecessary permissions, increasing the risk. Open your phone’s permissions settings and check what each app can access. If a simple tool asks for access to NFC, messages, or accessibility features, remove it. Attackers take advantage of these excessive permissions to monitor your activity or capture data without your knowledge.
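An added example, not part of the original article: one way to carry out steps 1 and 7 together from a computer, by flagging apps that were not installed by the Play Store and that request NFC or SMS access. The package names and sample output below are constructed; on a real device the inputs come from the adb commands named in the comments.

```python
import re

# The Play Store's installer package; anything else is treated as sideloaded here.
TRUSTED_INSTALLERS = {"com.android.vending"}
# Permissions the article singles out: NFC and access to messages.
SENSITIVE = {"android.permission.NFC", "android.permission.READ_SMS",
             "android.permission.RECEIVE_SMS"}

def parse_installers(listing):
    """Parse `adb shell pm list packages -3 -i` output into {package: installer}."""
    found = {}
    for line in listing.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    return found

def requested_permissions(dump):
    """Read the 'requested permissions:' block of `adb shell dumpsys package <pkg>`."""
    perms, inside = set(), False
    for line in dump.splitlines():
        text = line.strip()
        if text == "requested permissions:":
            inside = True
        elif inside:
            if not text or text.endswith(":"):
                break  # blank line or next section header ends the block
            perms.add(text.split(":")[0])
    return perms

def audit(listing, dumps):
    """Return {package: sensitive permissions} for apps from untrusted installers."""
    flagged = {}
    for pkg, installer in parse_installers(listing).items():
        hits = SENSITIVE & requested_permissions(dumps.get(pkg, ""))
        if installer not in TRUSTED_INSTALLERS and hits:
            flagged[pkg] = sorted(hits)
    return flagged

# Constructed sample output, not taken from a real device.
SAMPLE_LISTING = """package:com.example.notes  installer=com.android.vending
package:com.example.bankverify  installer=null
package:com.example.flashlight  installer=com.google.android.packageinstaller"""
BLOCK = "    requested permissions:\n{}\n    install permissions:\n"
SAMPLE_DUMPS = {
    "com.example.notes": BLOCK.format("      android.permission.NFC"),
    "com.example.bankverify": BLOCK.format(
        "      android.permission.NFC\n      android.permission.RECEIVE_SMS"),
    "com.example.flashlight": BLOCK.format("      android.permission.CAMERA"),
}

if __name__ == "__main__":
    for pkg, perms in audit(SAMPLE_LISTING, SAMPLE_DUMPS).items():
        print(pkg, "->", ", ".join(perms))
```

Accessibility access is granted through a system setting and does not appear in this permission list, so check it separately in the phone's Accessibility settings.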
Kurt’s important takeaway
Cybercriminals are now combining social engineering with secure hardware features in modern payment systems. Malware does not compromise NFC security. Instead, it tricks you into making a real transaction and steals one-time codes at that moment. This makes the attack harder to detect and even harder to reverse once the withdrawal has occurred. The best defense is simple awareness. If a bank asks you to download an app from outside the Play Store, treat this as a warning sign. Keeping your phone clean is now as important as keeping your physical card safe.
Have you ever downloaded an app from outside the Play Store? Let us know by writing to us at cyberguy.com.
Copyright 2025 CyberGuy.com. All rights reserved.



