Heaptalk, Jakarta — Cybercriminals continue exploiting software vulnerabilities to launch attacks. The latest involves introducing malicious software, or malware, into Near-Field Communication (NFC) readers.
Cybersecurity firm ESET explained that the modus operandi involves sending a text message containing urgent information, prompting recipients to install a specific application on their phone.
The message typically involves issues related to tax refunds. Once the victim clicks on the link to the website provided, their data is collected. This matter allows the criminals to access the victim’s bank account. Furthermore, they will call the victim, posing as bank employees.
The swindler will convey to the victim the message they previously received. The victim will be asked to change their PIN and verify their card to protect their account. The next step involves asking the victim to activate their card using the NFC scanner on their phone. Nevertheless, the mobile app installed is NGate malware. The victim’s card data from the NFC will be sent to the criminal’s phone. The scammers will clone the card and conduct fraudulent transactions to withdraw money.
Phone Arena reported that Google has denied the existence of malware in apps on the Play Store. The Play Protect feature will alert users and block malicious apps. However, this crime has already targeted three banks in the Czech Republic and six NGate apps have been discovered outside of the Play Store.
Phone Arena also provided tips to prevent people from becoming victims of such scams, including not sharing personal information such as PINs online. Additionally, it is recommended that you contact the company requesting access to verify the message’s authenticity. You can also obtain official numbers from legitimate services such as Google rather than relying on those provided in suspicious messages.
