Analysis of NGate malware campaign (NFC relay) | CERT Polska
The NGate malware campaign uses social engineering and a fake bank support call to trick victims into installing an Android app that facilitates NFC relay attacks. This allows criminals to steal card data and PINs, enabling unauthorized ATM withdrawals. The app’s configuration is XOR-encrypted using a key derived from the APK’s signing certificate, and it can operate in either reader or emitter mode for the relay.
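For analysts unpacking a sample, the certificate-bound XOR scheme described above can be sketched as follows. This is an added example, not code from the CERT Polska report or from the malware. The key derivation (SHA-256 of the DER-encoded signing certificate), the JSON layout, the field names and all sample bytes are assumptions constructed for illustration.

```python
import hashlib
import json
from itertools import cycle


def derive_key(cert_der: bytes) -> bytes:
    # ASSUMPTION: key = SHA-256 over the DER-encoded signing certificate.
    # The page only says the key is "derived from" the certificate.
    return hashlib.sha256(cert_der).digest()


def xor_bytes(data: bytes, key: bytes) -> bytes:
    # Repeating-key XOR; the same call encrypts and decrypts.
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def decrypt_config(blob: bytes, cert_der: bytes):
    """Return the parsed config dict, or None when the certificate does not
    yield well-formed JSON (e.g. the APK was re-signed before analysis)."""
    plain = xor_bytes(blob, derive_key(cert_der))
    try:
        cfg = json.loads(plain.decode("utf-8"))
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return None
    return cfg if isinstance(cfg, dict) else None


# --- Constructed sample data (not taken from any real sample) ---
ORIGINAL_CERT = b"constructed-original-signing-cert-DER"
RESIGNED_CERT = b"constructed-analyst-resigning-cert-DER"
SAMPLE_CONFIG = {"mode": "reader", "server": "relay.example.invalid", "port": 0}
ENCRYPTED_BLOB = xor_bytes(
    json.dumps(SAMPLE_CONFIG).encode("utf-8"), derive_key(ORIGINAL_CERT)
)

if __name__ == "__main__":
    # The certificate from the untouched APK recovers the configuration.
    print("original cert :", decrypt_config(ENCRYPTED_BLOB, ORIGINAL_CERT))
    # A certificate from a repackaged/re-signed APK yields no valid config.
    print("re-signed cert:", decrypt_config(ENCRYPTED_BLOB, RESIGNED_CERT))
```

The practical consequence for triage: extract the certificate from the original, unmodified APK before repackaging it for instrumentation, because a re-signed copy no longer carries the material needed to recover the configuration.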