New Android Malware Enables Real-Time ATM Withdrawals Using Stolen NFC Payment Codes

WASHINGTON — A newly discovered Android malware called NGate allows criminals to steal contactless payment codes and PINs in real time, enabling them to withdraw cash from ATMs without the victim’s physical card, according to cybersecurity officials.

The malware was identified by the Polish Computer Emergency Response Team (CERT Polska). NGate targets Android users by tricking them into downloading fake banking apps through phishing messages that claim there is a security issue with their bank account. These apps, which are distributed outside official app stores, request permissions to monitor Near Field Communication (NFC) activity on the infected device.

Once installed, NGate monitors contactless payment actions on the victim’s phone. It captures transaction data, including one-time authentication codes generated by Visa and Mastercard chips, as well as the user’s PIN entered during verification steps. This data is then transmitted to a server controlled by the attackers.

The stolen information is time-sensitive, as the one-time codes are valid only for a short period. Criminal accomplices wait near ATMs with devices capable of emulating contactless cards, such as smartphones, smartwatches, or specialized NFC hardware. When the data arrives, the accomplice uses the emulation device to authenticate a withdrawal at the ATM, which treats the transaction as legitimate because it contains valid codes and the correct PIN.

This method goes beyond traditional malware that steals login credentials or intercepts one-time passwords by enabling immediate cash withdrawals without the victim’s card. Security experts warn that this new threat highlights the risks associated with downloading apps from unofficial sources and emphasize the importance of vigilance against phishing attempts.

Users are advised to avoid installing apps from unknown sources and to be cautious of messages prompting urgent security actions related to their bank accounts. Monitoring bank statements regularly and using official banking apps can help reduce the risk of infection by such malware.