NFC tap-to-pay gets tapped by hackers
Summary
Cybercriminals are using a trojanized version of the Android payment application HandyPay, carrying the NGate malware, to steal NFC data and PINs. This allows them to clone payment cards and withdraw cash from ATMs remotely. The attackers are suspected of using generative AI to modify the legitimate application.
IFF Assessment
This is bad news for defenders: it demonstrates a sophisticated method for compromising payment systems and stealing funds, one that leverages legitimate applications and potentially AI for malicious code injection.
Defender Context
Defenders should be aware of the evolving tactics used by malware operators, such as repurposing legitimate NFC applications and the potential use of AI in creating malicious payloads. Users should be cautious of unofficial app downloads and verify the authenticity of payment and lottery applications.